U2F support #59

Open
llann opened this issue Jan 1, 2018 · 2 comments
llann commented Jan 1, 2018

Supporting U2F to be able to connect using a Yubikey would be a nice feature by integrating django-u2f or implementing it directly.

clokep (Collaborator) commented Jan 2, 2018

There's a django-otp-yubikey that would likely make this easy to integrate. Probably need to solve #23 first though.

clokep added the feature label Sep 25, 2020

9mido (Contributor) commented Mar 23, 2021

Just so others are aware, you can install django-otp-yubikey in settings.py and use the YubiKey authenticator app (downloaded from the YubiKey website) to scan the QR code produced by django-allauth-2fa and generate an OTP that the hardware YubiKey can now use to log in via django-allauth-2fa, just like google-authenticator and other authenticator mobile apps do. I didn't have to change any django-allauth-2fa code to use OTP with the YubiKey.

It is now recommended to use WebAuthn as opposed to U2F (see below).

FIDO1 is older while FIDO2 is newer and uses more of a PKI approach.

U2F is supported on both FIDO1 and FIDO2 but FIDO2 U2F is better.

https://security.stackexchange.com/questions/220752/fido-and-fido2-differences

U2F / CTAP1 = Second factor authentication scheme in addition to the first factor (the user's password). The yubikey is what you have and a password is what you know.

UAF = First factor authentication only. Think biometrics like a fingerprint. Passwordless.

WebAuthn = Part of FIDO2. Uses a JavaScript API for browser authentication where the browser talks to the YubiKey device.

CTAP2 = Part of FIDO2. How a yubikey can talk to a browser and OS. Used to enable a passwordless, second-factor or multi-factor authentication experience.

Webauthn:

https://webauthn.io/

https://www.youtube.com/watch?v=jilKhi67qG0

https://gitlab.com/stavros/django-webauthin

https://github.com/shemigon/django-webauthn

https://github.com/duo-labs/py_webauthn

FIDO2:

https://github.com/CZ-NIC/django-fido

https://github.com/Yubico/python-fido2

https://developers.yubico.com/python-fido2/

If someone were to make a PR, here is a good demo to replicate for django-allauth-2fa:

https://demo.yubico.com/webauthn-technical/registration

Django MFA2 App:

https://github.com/mkalioby/django-mfa2/
