Is Django login system safe enough?

This page summarizes the projects mentioned and recommended in the original post on /r/django

  • django-secure-auth

    Secure authentication by TOTP, SMS, Codes & Question. Login protected by IP ranges and with captcha.

  • Adding MFA is a must, and for that you can use https://github.com/gotlium/django-secure-auth or https://github.com/mkalioby/django-mfa2. Just please avoid using SMS or codes sent by email as if they were true MFA. They aren't. If possible prefer FIDO2, and if not, go with TOTP (Google Authenticator).

  • CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

  • There is a lot more related to application security, but that should be subject to a whole other topic. If you want to dive a little deeper, I suggest starting with the OWASP Cheat Sheet series: https://cheatsheetseries.owasp.org/

  • django-mfa2

    A Django app that handles MFA; it supports TOTP, U2F, FIDO2 U2F (WebAuthn), Email Token and Trusted Devices.


NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
