Re: MFA (2FA)

2022-04-10 Thread Tobias Bengfort
Hi, On 09/04/2022 20.50, Dan Davis wrote: MFA is typically built with some form of federated login I am not sure that this is "typical", but I agree that many organizations want to manage keys in a single place. The trouble with WebAuthn is that it is a challenge-response protocol, so you cannot

Re: MFA (2FA)

2022-04-09 Thread Dan Davis
to >> choose it. >> >> I do agree that a simple, opinionated solution in django itself could >> push 2FA adaption and therefore general security on the web, which is >> clearly a good thing. But I still think this works better in a third >> party app such

Re: MFA (2FA)

2022-04-09 Thread Tobias Bengfort
Hi, On 09/04/2022 11.35, Carlton Gibson wrote: But — question — would documenting the existing options be viable? We don't normally point to (many) third-party apps in the docs. It's too variable, too difficult to maintain (etc). The exception is third-party database backends, which we do lin

Re: MFA (2FA)

2022-04-09 Thread Yonas
choose it. >> >> I do agree that a simple, opinionated solution in django itself could >> push 2FA adaption and therefore general security on the web, which is >> clearly a good thing. But I still think this works better in a third >> party app such as django-mfa3. >

Re: MFA (2FA)

2022-04-09 Thread Carlton Gibson
ree that a simple, opinionated solution in django itself could > push 2FA adaption and therefore general security on the web, which is > clearly a good thing. But I still think this works better in a third > party app such as django-mfa3. > > best, > tobias > > > On 07

Re: MFA (2FA)

2022-04-08 Thread Florian Apolloner
Hi Yonas, that is an unfair characterization of WebAuthn. WebAuthn supports passwordless authentication as a strong first factor (albeit often supporting a limited number of credentials because it requires storage on the device). But WebAuthn also (and this is imo more widely used) supports a str

Re: MFA (2FA)

2022-04-08 Thread Yonas
Hi Florian, WebAuthn promotes password-less authentication, so let’s treat it as an alternative to the Django auth system while implementing 2FA for the password-based Django auth. On Friday, April 8, 2022 at 8:56:18 PM UTC+3 f.apo...@gmail.com wrote: > Hi Yonas, > > On Friday, April 8, 2022

Re: MFA (2FA)

2022-04-08 Thread Florian Apolloner
Hi Yonas, On Friday, April 8, 2022 at 3:18:23 AM UTC+2 Yonas wrote: > There are multiple ways to implement MFA, as you mentioned. But the goal > here is to provide a simple mechanism. It's "not necessary" to cover every > use case, and I believe that's where third-party packages come in. > Whi

Re: MFA (2FA)

2022-04-07 Thread Yonas
neral security on the web, which is > clearly a good thing. But I still think this works better in a third > party app such as django-mfa3. > > best, > tobias > > > On 07/04/2022 14.42, Yonas wrote: > > Hello, > > > > The idea to implement MFA (2FA) h

Re: MFA (2FA)

2022-04-07 Thread Tobias Bengfort
clearly a good thing. But I still think this works better in a third party app such as django-mfa3. best, tobias On 07/04/2022 14.42, Yonas wrote: Hello, The idea to implement MFA (2FA) has been brought up a couple of times over the past years. And the community seems interested. I am willing

MFA (2FA)

2022-04-07 Thread Yonas
Hello, The idea to implement MFA (2FA) has been brought up a couple of times over the past years. And the community seems interested. I am willing to implement this feature (HOTP, TOTP, and email). However, a QR code generator is required. If someone can help with this, it would be awesome