Earlier this year, PyPI announced that they would require all users to enable a form of two-factor authentication on their accounts by the end of 2023.
2FA is now enabled on the collective account.
If you maintain or release a package as the collective user, you will need to use either Trusted Publishers (preferred) or API tokens to upload to PyPI.
Why is PyPI requiring 2FA?
PyPI is requiring 2FA to protect our account and the packages we upload, and to protect PyPI from malicious actors.
Read more on this blog post.
If you run into problems, read the FAQ page. If the solutions there are unable to resolve the issue, contact PyPI via support@pypi.org or our own pypi@plone.org.