Our great sponsors
-
django-secure-auth
Secure authentication by TOTP, SMS, Codes & Question. Login protected by IP ranges and with captcha.
-
django-mfa2
A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Add MFA to your application and require it for at least administrative users, super users or any user who has permissions to cause any damage to the application or its data. https://github.com/gotlium/django-secure-auth or https://github.com/mkalioby/django-mfa2. Ideally you'll add and MFA mechanism that supports FIDO2/WebAuthn, but you should also support TOTP (Google Authenticator). Whatever you do, DON'T use SMS, Text Messages or emails as if they were MFA. They aren't.
Add MFA to your application and require it for at least administrative users, super users or any user who has permissions to cause any damage to the application or its data. https://github.com/gotlium/django-secure-auth or https://github.com/mkalioby/django-mfa2. Ideally you'll add and MFA mechanism that supports FIDO2/WebAuthn, but you should also support TOTP (Google Authenticator). Whatever you do, DON'T use SMS, Text Messages or emails as if they were MFA. They aren't.