Securing Django with multi factor authentication using Django-MFA
What is MFA?
Multifactor authentication (MFA) is a security system that requires more than one method of authentication to verify the user’s identity for a login or other transaction.
Why go for MFA?
One of the major problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured it gives the attacker a source against which to verify guesses at speeds limited only by their hardware resources. Given enough time, a captured password database will fall. To limit the damage from such a breach, we prefer multifactor authentication.
Multifactor Authentication Technologies:
There are several ways to provide MFA: hardware devices that the user carries to authorize access to a network service; software-based security token applications that generate a single-use login PIN (soft tokens are often used for multifactor mobile authentication, in which the device itself, such as a smartphone, provides the possession factor); SMS messages and phone calls sent to the user as an out-of-band method; and smartphone OTP apps.
In this blog post, we will see how to implement MFA in Django.
How can we implement MFA in Django:
We have an awesome package for Django called Django-MFA, which gives us the flexibility to choose how MFA is set up. Django-MFA can generate two types of one-time passwords: HMAC-based One Time Password (HOTP) and Time-based One Time Password (TOTP). In this blog post, we will see how to enable TOTP-based MFA using Django-MFA.
We can add MFA to a project using Django-MFA by following these simple steps.
1. Install Django-MFA with the following command.

    pip install django-mfa

2. Add the following to your settings.py (the "…" stands for the entries you already have):

    INSTALLED_APPS = [
        …
        'django_mfa',
    ]

    MIDDLEWARE_CLASSES = [
        …
        'django_mfa.middleware.MfaMiddleware',
    ]

3. Include the following in your root urls.py:

    from django.conf.urls import include, url

    urlpatterns = [
        …
        url(r'^settings/', include('django_mfa.urls', namespace='mfa')),
    ]
That's it: your Django project now has MFA. Once you have followed the above steps, go to "/settings/security/" in your address bar to start the flow for enabling MFA on your account.