Hi Yonas,
that is an unfair characterization of WebAuthn. WebAuthn supports
passwordless authentication as strong first factor (albeit often supporting
a limited number of credentials because it requires storage on the device).
But Webauthn also (and this is imo more widely used) supports a str
Hi Florian,
WebAuthn promotes password-less authentication, so let’s treat it as an
alternative to the Django auth system while implementing 2FA for the
password-based Django auth.
On Friday, April 8, 2022 at 8:56:18 PM UTC+3 f.apo...@gmail.com wrote:
> Hi Yonas,
>
> On Friday, April 8, 2022
Hi Jacob,
I am afraid this does not help much at all. Assuming a malicious client
wants to attack you, they can still just issue one request to get this
"other hidden field". Then they wait 5 seconds and are free to send
thousands of requests with that token (Well till it expires, then they nee
Hi Yonas,
On Friday, April 8, 2022 at 3:18:23 AM UTC+2 Yonas wrote:
> There are multiple ways to implement MFA, as you mentioned. But the goal
> here is to provide a simple mechanism. It's "not necessary" to cover every
> use case, and I believe that's where third-party packages come in.
>
Whi
Thank you for the information, we will incorporate the changes as per the
recommendation and will raise a PR against the docs soon.
On Friday, April 8, 2022 at 12:54:07 PM UTC+5:30 Adam Johnson wrote:
> Hi
>
> I think the only process would be to open a pull request against that
> documentation
Hi
I think the only process would be to open a pull request against that
documentation page.
As to your package, it could do with some more documentation. I'm sure
there are some limitations. Have you tried running the Django test suite
with it?
I would also recommend renaming it to 'django-yuga
