Re: MFA (2FA)

2022-04-09 Thread Dan Davis
My intuition is that Webauthn will be hard to support because of the varieties of ways to secure the private key (Yubikey, HIDGlobal, etc.) and the complexities of managing key pairs without devices. PGP/GnuPG followed a trajectory where we had ways to secure email, but it was too complicated to

Django issus

2022-04-09 Thread Hanen Mdaghi
hello ! I whish that you are fine, i try to migrate my model my model name is employee but it dosent work the issus msj is ImportError:cannot import name 'employee' from 'polls.models' -- You received this message because you are subscribed to the Google Groups "Django developers

Re: MFA (2FA)

2022-04-09 Thread Tobias Bengfort
Hi, On 09/04/2022 11.35, Carlton Gibson wrote: But — question — would documenting the existing options be viable? We don't normally point to (many) third-party apps in the docs. It's too variable, too difficult to maintain (etc). The exception is third-party databases backends, which we do

Re: MFA (2FA)

2022-04-09 Thread Yonas
@Florian, you're right; it can be used as 2FA. But take a look at how members of the FIDO alliance describe WebAuthn. 1. The last two sections of the website (Member Perspectives on FIDO2 and FIDO in the News) 2. https://webauthn.guide/ On Saturday, April 9,

Re: MFA (2FA)

2022-04-09 Thread Carlton Gibson
> I do agree that a simple, opinionated solution in django itself could > push 2FA adaption and therefore general security on the web, which is > clearly a good thing. But I still think this works better in a third > party app such as django-mfa3. I'd very much like us to have **some** story

Re: MFA (2FA)

2022-04-09 Thread Florian Apolloner
Hi Yonas, that is an unfair characterization of WebAuthn. WebAuthn supports passwordless authentication as strong first factor (albeit often supporting a limited number of credentials because it requires storage on the device). But Webauthn also (and this is imo more widely used) supports a