I wish frameworks included 2FA support in the default auth systems. While there are third-party packages to add 2FA support, adding support at the framework level would help drive 2FA adoption in a major way.
Question: How would you add 2FA to a Django website? Ideally TOTP + YubiKey + backup code, but TOTP + backup code is also fine. The website I plan to add 2FA support to will be open source and is meant to be self-hosted by users, so I want to avoid SaaS solutions. I came across a couple of packages: django-two-factor-auth [0], which is based on django-otp [1]. There's pyotp [2], which will require me to integrate it into the login flow (not a good idea to be writing login flows). If anyone's using the mentioned packages in production, I would be interested to hear about your experience.
django-two-factor-auth seems to be a good choice (using django-otp alone might be considered too). I agree that pyotp is less suited, since it does not integrate easily with Django.
[0] https://github.com/Bouke/django-two-factor-auth
[1] https://django-otp-official.readthedocs.io/en/latest/
[2] https://github.com/pyotp/pyotp
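
To make concrete what the "TOTP + backup code" second factor discussed in this thread has to check, here is an added example, not part of the thread and not code from django-otp, django-two-factor-auth or pyotp. It uses only the Python standard library; `SecondFactor` and its fields are hypothetical names.

```python
import hashlib, hmac, secrets, struct, time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226) for one time-step counter, using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical per-user record: TOTP secret plus hashed backup codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1      # highest time step already accepted
        self.backup_hashes = set()  # SHA-256 digests of unused backup codes

    def new_backup_codes(self, n: int = 8) -> list:
        codes = [secrets.token_hex(5) for _ in range(n)]
        self.backup_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        return codes  # shown to the user once; only the digests are kept

    def verify_totp(self, code: str, now=None, drift: int = 1) -> bool:
        current = int(time.time() if now is None else now) // STEP
        # Accept the current step and `drift` steps either side (clock skew).
        for counter in range(current - drift, current + drift + 1):
            if counter <= self.last_counter:
                continue  # replay protection: a used step is never accepted again
            if hmac.compare_digest(totp(self.secret, counter).encode(), code.encode()):
                self.last_counter = counter
                return True
        return False

    def verify_backup(self, code: str) -> bool:
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self.backup_hashes:
            self.backup_hashes.discard(digest)  # backup codes are single use
            return True
        return False
```

Attempt throttling and secret storage are left out here; together with the checks above, they are the parts of a login flow that are easy to get wrong when written by hand.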