A bit late on this article, but better late than never! Back on October 27th, 2016 I gave a talk at Django Boston entitled “Adding Two-Factor Authentication to Django (with django-allauth)”. It was a ~20 minute talk on integrating the django-allauth-2fa package into a Django project. The package (which I should note is maintained by my employer and used in production on Strongarm) expands the excellent django-allauth package by adding two-factor authentication using TOTP (and backup codes).
Integrating this into your project is (mostly) just some configuration changes to your settings.py and URL configuration! It takes advantage of the awesome adapter methodology, the django-otp package to do all the 2FA bits, and some custom middleware to enforce 2FA during login.
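Since 2FA here depends on getting those settings right, a small sanity check is useful. The following is an added example, not code from django-allauth-2fa or the talk: `check_2fa_settings` is a hypothetical helper, and the app, middleware and adapter paths are assumptions taken from the documented setup of django-otp and django-allauth-2fa, so verify them against the versions you install.

```python
# Added example. The dotted paths below are assumptions based on the
# documented setup of django-otp and django-allauth-2fa.
REQUIRED_APPS = [
    "allauth", "allauth.account",
    "django_otp", "django_otp.plugins.otp_totp", "django_otp.plugins.otp_static",
    "allauth_2fa",
]
AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"
OTP_MW = "django_otp.middleware.OTPMiddleware"
FLOW_MW = "allauth_2fa.middleware.AllauthTwoFactorMiddleware"
ADAPTER = "allauth_2fa.adapter.OTPAdapter"


def check_2fa_settings(installed_apps, middleware, account_adapter):
    """Return a list of problems that would leave 2FA broken or unenforced."""
    problems = []
    for app in REQUIRED_APPS:
        if app not in installed_apps:
            problems.append("missing app: " + app)
    for mw in (AUTH_MW, OTP_MW, FLOW_MW):
        if mw not in middleware:
            problems.append("missing middleware: " + mw)
    # OTPMiddleware works on request.user, so it must run after auth.
    if AUTH_MW in middleware and OTP_MW in middleware:
        if middleware.index(OTP_MW) < middleware.index(AUTH_MW):
            problems.append("OTPMiddleware must come after AuthenticationMiddleware")
    # The adapter is what routes an allauth login through the 2FA step.
    if account_adapter != ADAPTER:
        problems.append("ACCOUNT_ADAPTER is not " + ADAPTER)
    return problems


# Constructed sample settings: one correct, one misconfigured.
GOOD = dict(
    installed_apps=REQUIRED_APPS + ["django.contrib.auth"],
    middleware=[AUTH_MW, OTP_MW, FLOW_MW],
    account_adapter=ADAPTER,
)
BAD = dict(
    installed_apps=["allauth", "allauth.account", "allauth_2fa"],
    middleware=[OTP_MW, AUTH_MW],
    account_adapter=None,
)

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_2fa_settings(**cfg) or "ok")
```

In a real project, pass `settings.INSTALLED_APPS`, the middleware setting and `getattr(settings, "ACCOUNT_ADAPTER", None)` from a test or a Django system check.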
You can view a rendered version of the slides online (use the arrow keys to navigate) or check out the source. We’re always looking for more contributors to django-allauth-2fa; there’s plenty to do, including:
- More testing needed (different configurations, interaction with social accounts).
- Support for more device types (e.g. HOTP, YubiKey, Twilio). (#23)
- Support for multiple devices per user. (#36)
- Improving the documentation (e.g. add a quickstart document).
- Setting up and adding translations.
- Any other feedback you might have!