Opened 9 years ago

Last modified 6 months ago

#25612 assigned New feature

django.contrib.auth should include support for 2fa out of the box

Reported by: Alex Gaynor
Owned by: theExplorer
Component: contrib.auth
Version: dev
Severity: Normal
Keywords:
Cc: Alex Gaynor, moritz.sichert@…, dheeru.rathor14@…, emorley@…, m.levental@…, justinmayer, Tom Carrick
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Django did a tremendous service to its users by making strong password hashing be the default. The world is pushing forward, and now 2fa is the next standard that many sites fail to meet.

Django should include support for 2fa out of the box, ideally with support for both u2f and TOTP (Google Authenticator).

Change History (12)

comment:1 by Tim Graham, 9 years ago

Triage Stage: Unreviewed → Someday/Maybe

django-developers discussion.

comment:2 by Tim Graham, 9 years ago

Triage Stage: Someday/Maybe → Accepted

The reception on the mailing list has been positive.

comment:3 by Moritz Sichert, 9 years ago

Cc: moritz.sichert@… added

comment:4 by Dheerendra Rathor, 9 years ago

Cc: dheeru.rathor14@… added

comment:5 by Ed Morley, 8 years ago

Cc: emorley@… added

comment:6 by mlevental, 8 years ago

Cc: m.levental@… added
Owner: changed from nobody to mlevental
Status: new → assigned

comment:7 by mlevental, 7 years ago

It should be distinguishable if a user is authenticated with 1 factor or 2, e.g. for checking if the user is already authenticated with the required number of factors so relogging can be omitted. Therefore a field like is_two_factor_authenticated can be added to the User model.

But then it would be unclear whether the existing field is_authenticated means the user is authenticated with 1 or 2 factors.
To find that out one would have to additionally check for the value of is_two_factor_authenticated and this would be cumbersome.
For convenience another field like is_one_factor_authenticated could be introduced. And to make is_authenticated behave correctly it should return True if either is_one_factor_authenticated or is_two_factor_authenticated is True.

What are your thoughts on that?

comment:8 by Tim Graham, 7 years ago

It would be better to put together a proposal and post it on the DevelopersMailingList. That reaches a wider audience than the few people following the ticket.

comment:9 by mlevental, 7 years ago

Owner: mlevental removed
Status: assigned → new

comment:10 by theExplorer, 2 years ago

Owner: set to theExplorer
Status: new → assigned

comment:11 by Mariusz Felisiak, 20 months ago

Cc: justinmayer added

comment:12 by Tom Carrick, 6 months ago

Cc: Tom Carrick added