Hi Yonas, that is an unfair characterization of WebAuthn. WebAuthn supports passwordless authentication as strong first factor (albeit often supporting a limited number of credentials because it requires storage on the device). But Webauthn also (and this is imo more widely used) supports a strong unphishable second factor. So no, we are not going to treat it as an alternative for the auth system; it is the one 2FA system that we want the most.
Cheers, Florian On Saturday, April 9, 2022 at 2:31:54 AM UTC+2 Yonas wrote: > Hi Florian, > > WebAuthn promotes password-less authentication, so let’s treat it as an > alternative to the Django auth system while implementing 2FA for the > password-based Django auth. > > On Friday, April 8, 2022 at 8:56:18 PM UTC+3 f.apo...@gmail.com wrote: > >> Hi Yonas, >> >> On Friday, April 8, 2022 at 3:18:23 AM UTC+2 Yonas wrote: >> >>> There are multiple ways to implement MFA, as you mentioned. But the goal >>> here is to provide a simple mechanism. It's "not necessary" to cover every >>> use case, and I believe that's where third-party packages come in. >>> >> >> While it is not required to cover every usecase, WebAuthn would be at >> the top of the list. I do not think adding MFA to core without having >> support for WebAuthn is going to get much traction. >> >> Cheers, >> Florian >> > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/e6e03feb-3c77-4cfa-b318-2b0354f2faefn%40googlegroups.com.
