> IMHO Django should provide a secure and simple (for developers) out of the
> box solution.
> I can't but agree with you. Today long (at least >15 characters [Chrome password manager], but > 20 is much better) passwords created and stored in password managers (some modern browsers include them, or as an alternative you can try 1Password etc.) are still a good solution but look a little bit outdated (there is a better login experience).
"Django - The web framework for perfectionists with deadlines."
> Today password-based auth is not for perfectionists. No longer. Perfectionists vote for a passwordless login experience. It's E-mail authentication (if you think about SMS-based authentication, then do not use it without 2FA, hackers may read your SMS), some SaaSes may create it for you (Auth0: https://auth0.com/blog/how-passwordless-authentication-works/) or hardware keys (Yubico: something like https://www.yubico.com/products/yubikey-5-overview/, also check about their support: https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/). So. We would like to provide the ability to use passwordless (hardware keys, E-mail-based) with optional 2FA (via OTP app on smartphone), OpenID Connect (which uses JWT tokens, OAuth etc.).