Hi Florian,
WebAuthn promotes password-less authentication, so let’s treat it as an
alternative to the Django auth system while implementing 2FA for the
password-based Django auth.
On Friday, April 8, 2022 at 8:56:18 PM UTC+3 f.apo...@gmail.com wrote:
> Hi Yonas,
>
> On Friday, April 8, 2022
Hi Jacob,
I am afraid this does not help much at all. Assuming a malicious client
wants to attack you, they can still just issue one request to get this
"other hidden field". Then they wait 5 seconds and are free to send
thousands of requests with that token (Well till it expires, then they
Hi Yonas,
On Friday, April 8, 2022 at 3:18:23 AM UTC+2 Yonas wrote:
> There are multiple ways to implement MFA, as you mentioned. But the goal
> here is to provide a simple mechanism. It's "not necessary" to cover every
> use case, and I believe that's where third-party packages come in.
>
Thank you for the information, we will incorporate the changes as per the
recommendation and will raise a PR against the docs soon.
On Friday, April 8, 2022 at 12:54:07 PM UTC+5:30 Adam Johnson wrote:
> Hi
>
> I think the only process would be to open a pull request against that
>
Hi
I think the only process would be to open a pull request against that
documentation page.
As to your package, it could do with some more documentation. I'm sure
there are some limitations. Have you tried running the Django test suite
with it?
I would also recommend renaming it to