When we deploy web applications, users entrust their data to us and expect that we will protect it. Meanwhile, recent high-profile breaches have underscored the risks of username+password authentication, which is the default in Django and other Python web frameworks. One of the best ways to mitigate this risk and protect our users’ data is to add multi-factor authentication (MFA) capability to our applications: time-based one-time passwords (TOTP), hardware keys (YubiKeys, U2F, etc.), email-based authentication, and so on.
You will learn how to implement U2F key and TOTP-based multi-factor authentication in your own Python-based web applications in just a few minutes.