Two factor authentication using OTP


Issa Kehinde

Jul 16, 2020, 7:52:47 AM
to Django users
Hello everyone!

How can I implement two-factor authentication for my Django web app?
After a user logs in with his/her credentials (i.e. username and password), I want an OTP to be sent to the user's phone number. The user will enter the OTP to gain final access to the web application.





Kasper Laudrup

Jul 16, 2020, 8:15:55 AM
to django...@googlegroups.com
Hi Issa,
Have you tried looking at this?

https://github.com/django-otp

Kind regards,

Kasper Laudrup

o1bigtenor

Jul 16, 2020, 9:19:59 AM
to django...@googlegroups.com
As a person who has very very very terrible wireless phone reception where I live I would hope that there is some other method that can be used to help with two factor authentication without using the bloody useless cell phone.
It seems that the programming community thinks that everyone has absolutely wonderful reception so that the use of an SMS text is a wonderful idea.
There must be a better option that doesn't need the use of a cell phone. (I hope and if not one should be found!)

Please rethink your proposed plan sir!

Kasper Laudrup

Jul 16, 2020, 9:51:17 AM
to django...@googlegroups.com
Hi o1bigtenor,

On 16/07/2020 15.18, o1bigtenor wrote:
>
> As a person who has very very very terrible wireless phone reception
> where I live I would hope that there is some other method that can be
> used to help with two factor authentication without using the bloody
> useless cell phone.
> It seems that the programming community thinks that everyone has
> absolutely wonderful reception so that the use of an SMS text is a
> wonderful idea.
> There must be a better option that doesn't need the use of a cell phone.
> (I hope and if not one should be found!)
>
> Please rethink your proposed plan sir!
>

In addition to that, it might be worth considering that accessing the
web site from the same phone as the one receiving the one-time password
defeats the whole purpose of two factor authentication if an attacker
has control over the phone.

Key cards with pregenerated one time codes or something like YubiKey:

https://en.wikipedia.org/wiki/YubiKey

seems like a much better option.

Kind regards,

Kasper Laudrup
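
The pregenerated one-time codes suggested in the reply above, as an added example that is not part of the thread and is not django-otp's code: a standard-library sketch of issuing a printed card of codes and accepting each code once. `KeyCard`, `CODE_DIGITS` and `MAX_FAILURES` are assumed names and values, and the in-memory object stands in for a per-user database row.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 8    # assumption: 8 decimal digits per printed code
MAX_FAILURES = 5   # assumption: lock the card after 5 wrong guesses


def _digest(salt, code):
    # Codes are short, so store a salted, slow KDF output rather than a bare hash.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class KeyCard:
    """Server-side state for one user's card of pregenerated one-time codes."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.unused = set()   # digests only, never the plaintext codes
        self.failures = 0

    def issue(self, count=10):
        """Replace the card; return the plaintext codes once, for printing."""
        codes = [f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
                 for _ in range(count)]
        self.unused = {_digest(self.salt, c) for c in codes}
        self.failures = 0
        return codes

    def verify(self, submitted):
        """Accept a code at most once; call only after the password check passed."""
        if self.failures >= MAX_FAILURES:
            return False                    # locked until a new card is issued
        code = "".join(submitted.split())   # tolerate spaces typed from the card
        if len(code) != CODE_DIGITS or not (code.isascii() and code.isdigit()):
            self.failures += 1
            return False
        candidate = _digest(self.salt, code)
        match = next((d for d in self.unused
                      if hmac.compare_digest(d, candidate)), None)
        if match is None:
            self.failures += 1
            return False
        self.unused.discard(match)          # single use: a replay now fails
        self.failures = 0
        return True
```
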

carlos

Jul 16, 2020, 1:53:53 PM
to django...@googlegroups.com


--
att.
Carlos Rocha