Fwiw, 2fa is on my short list of things to implement into my current project. It's a fairly important feature to me, as this is a financial project. And that particular implementation is precisely what I was looking to use. I would happily contribute money and/or time toward this implementation, especially if there was a happy upgrade path from Bouke's library. On Oct 26, 2015 15:47, "Josh Smeaton" <[email protected]> wrote:
> Having pluggable 2fa backends is a great idea. > > Many sites that allow 2fa have it as an option per user. I would think > Django would allow the same. Allow admins to force 2fa, or allow Users to > choose if they'd like it enabled. > > There'd have to be ORM/Model support (presumably) for user choices. A > migration may be necessary, or just a completely separate table. Just > things to consider. > > Cheers > > On Tuesday, 27 October 2015 04:30:25 UTC+11, Donald Stufft wrote: >> >> I agree with Alex, no idea about that particular implementation though. >> It supports a lot of different implementations of two factor, though I >> suspect Django wouldn’t need all of those things. I think it would be >> reasonable to define something like auth_backends, but for 2fa and just >> ship u2f and TOTP by default. >> >> On October 26, 2015 at 1:22:54 PM, Tim Graham ([email protected]) >> wrote: >> > >> > >> > On Trac [1], Alex says, "Django did a tremendous service to its users >> by >> > making strong password hashing be the default. The world is pushing >> > forward, and now 2fa is the next standard that many sites fail to meet. >> > Django should include support for 2fa out of the box, ideally with >> support >> > for both u2f and TOTP (Google Authenticator)." >> > >> > >> > Doing a quick search, I found >> > https://github.com/Bouke/django-two-factor-auth as a possible existing >> > implementation that might be a starting point if we decide to integrate >> > something. What do you think? One sticking point could be that it uses >> a >> > ThreadLocals middleware. I didn't look to see how "necessary" that is. >> > >> > >> > [1] https://code.djangoproject.com/ticket/25612 >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "Django developers >> > (Contributions to Django itself)" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> > To post to this group, send email to [email protected]. >> > Visit this group at http://groups.google.com/group/django-developers. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/5ae7be8e-949c-4074-b613-04ca2a62fed8%40googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> > >> >> ----------------- >> Donald Stufft >> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 >> DCFA >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/fe9102ce-a136-40f9-a95e-0254ebc340e2%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/fe9102ce-a136-40f9-a95e-0254ebc340e2%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CADBkHd%2Be%3DA4BLvRrO2Q0K2QfxgX4cN-6Nh6tejZYFQ2j6F3NPw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
