Auth0 looks like a need solution! And yes, I am a bit YubiKey fan myself. Use it for 2FA and PGP, worth every penny.
-- On 25. Apr 2019, 17:38 +0200, Александр Овчинников <alexan...@entropia.us>, wrote: > > > IMHO Django should provide a secure and simple (for developers) out of the > > box solution. > > I can't but agree with you. Today long (at least >15 characters [Chrome > password manager], but > 20 is much better) passwords created and stored in > password managers (some modern browsers include them or as alternative you > can try 1Password etc.) are still good solution but looks a little bit > outdated (there is better login experience). > > > "Django - The web framework for perfectionists with deadlines." > > Today password-based auth is not for perfectionists. No longer. > Perfectionists votes for passwordless login experience. It's E-mail > authentication (if you think about sms-based authentication, then do not use > it without 2FA, hackers may read your sms), some SaaS'es may create it for > you (Auth0: https://auth0.com/blog/how-passwordless-authentication-works/) or > hardware keys (Yubico: something like > https://www.yubico.com/products/yubikey-5-overview/, also check about their > support: > https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/). > > So. We would like provide ability to use passwordless (hardware keys, > E-mail-based) with optional 2FA (via OTP app on smartphone), OpenID Connect > (which uses JWT tokens, OAuth etc.). > -- > You received this message because you are subscribed to a topic in the Google > Groups "Django developers (Contributions to Django itself)" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/django-developers/d92P2V0YrbI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/99cf381b-3c5e-4560-97c7-9b9e160a5500%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/f4cd1648-2df6-417d-8569-d695496f5ce8%40Spark. For more options, visit https://groups.google.com/d/optout.
