Django 2FA With Google Authenticator - DEV Community

The document discusses implementing Two-Factor Authentication (2FA) using Google Authenticator in Django applications. It explains the importance of 2FA for enhancing security and provides a step-by-step guide for setting up a Django project with the necessary configurations and dependencies. The author emphasizes the significance of user authentication methods and encourages exploring innovative approaches to security.

Steve Yonkeu

Posted on Mar 27

Django 2FA With Google Authenticator


#django #webdev #programming #python

Django Crafts (5 Part Series)

1 Django 2FA With Google Authenticator

2 Role-Based Access Control in Django

3 Implementing SSO In Your Django Project

4 Captcha & reCaptcha For Django

5 Location and Device Fingerprinting

Django Django Djnago Djonga Djingo!!!

I have been on a mission to build things around Django for more than half a decade
now, you won't say it? Congratulations to me!!!
Back to business. Aren't you skeptical about your security on the applications or
platforms you use daily? To be honest, I am.

Small exercise, go back to line one of this blog and read well. How many "Django"
can you see?

It is no longer new to hear terms like MFA, 2FA, OTP (TOTP, HOTP) and other
passwordless methods. Today let's take a closer look at 2FA using Google Authenticator.
Why Google Authenticator? Jot that down somewhere, please; I will answer in a few
minutes.

What is 2FA?
This story goes way way way back around the... (kidding)

Two-Factor Authentication (2FA) is a security mechanism that requires two
independent authentication factors to verify a user's identity. It consists of a
knowledge factor (something you know, like a password) and a possession factor
(something you have, like an OTP token, authenticator app, or hardware key). The
authentication process involves entering the primary credential, followed by
verification using the second factor. It is commonly implemented with TOTP
(Time-Based One-Time Passwords) and FIDO2 security keys.
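
How the server and the authenticator app arrive at the same six digits, as an added example that is not part of the original post and not django-otp's own code: a standard-library RFC 6238 TOTP with a clock-skew window, replay rejection and the otpauth:// enrolment URI. The function names, the account alice@example.com and the issuer django2fa are assumptions; the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # 30-second steps and 6 digits: the Google Authenticator defaults

def totp(secret_b32, at, digits=DIGITS):
    """RFC 6238 code (HMAC-SHA1) for the time step containing `at` (Unix seconds)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)          # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, last_step=-1, drift=1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `drift` steps of clock skew. Any step that is not newer than
    `last_step` (the step of the last accepted code, stored per user) is
    refused, so a code captured in transit cannot be replayed.
    """
    current = int(at) // STEP
    for step in range(current - drift, current + drift + 1):
        if step <= last_step:
            continue
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return step
    return None

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that the app reads from the enrolment QR code."""
    label = f"{quote(issuer)}:{quote(account)}"
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{label}?{query}"

# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET, now)
    print(code, verify(SECRET, code, now))
    print(provisioning_uri(SECRET, "alice@example.com", "django2fa"))
```

The caller stores the returned step as the user's new `last_step` after a successful login; that stored value is what makes the second submission of the same code fail.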

Why the "Collabo" with Django?


You might not have known or heard about Django, but give it a try. Django
quickly and easily integrates protections against phishing, breaches and brute-force
attacks, both recent discoveries and those to come (you can always contradict me, down below).
Django's vast, rich and active community also means that ecosystem libraries supporting
such integrations already exist. Lastly, and most importantly, 2FA adds an extra security
layer, improves user confidence, blocks attackers who reuse stolen passwords
from data breaches, and helps with COMPLIANCE.

Implementation
Without further ado, here is how this can be done with Django. Do not worry, in case you
miss something, I have the codebase somewhere for you; read carefully to see the
link. We will be going through the project setup (dependencies, structure and
configuration), models, db migrations and project execution.

Setting up the project


Whoever calls my name prior to a python project should call performance,
architecture, good resource utilization and best practices (but who defines best
practices?).

• Creating folders and virtual environment

mkdir django2fa && cd django2fa

python -m venv .venv

source .venv/bin/activate

pip install django-two-factor-auth webauthn pillow pyotp phonenumbers

• Creating Django Project and Django App

django-admin startproject django2fa .

python manage.py startapp accounts

touch accounts/urls.py

• Tree structure

.
├── .venv/
├── accounts
│   ├── admin.py
│   ├── apps.py
│   ├── __init__.py
│   ├── migrations
│   │   ├── 0001_initial.py
│   │   └── __init__.py
│   ├── models.py
│   ├── tests.py
│   ├── urls.py
│   └── views.py
├── db.sqlite3
├── django2fa
│   ├── asgi.py
│   ├── __init__.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
├── manage.py
├── README.md
├── requirements.txt
└── templates
    └── two_factor
        └── _base.html

6 directories, 19 files

• Django project settings edits

# settings.py

+ SECRET_KEY = os.getenv('SECRET_KEY')

+ DEBUG = True if os.getenv('DEBUG') == 'True' else False


+ ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS').split(',') if os.getenv('ALLOWED_HOSTS') e

+ INSTALLED_APPS = [
# ...
+ 'django_otp',
+ 'django_otp.plugins.otp_static',
+ 'django_otp.plugins.otp_totp',
+ 'django_otp.plugins.otp_email',

+ 'two_factor',
+ 'two_factor.plugins.phonenumber',
+ 'two_factor.plugins.email',
+ 'two_factor.plugins.email',

+ 'accounts',
# ...
+ ]

+ MIDDLEWARE = [
# ...
+ 'django_otp.middleware.OTPMiddleware',
# ...
+ ]

# ...

+ AUTHENTICATION_BACKENDS = [
+ 'django.contrib.auth.backends.ModelBackend',
+ ]

+ LOGIN_URL = 'two_factor:login'
+ LOGIN_REDIRECT_URL = 'two_factor:profile'
+ LOGOUT_REDIRECT_URL = 'two_factor:login'

+ TWO_FACTOR_PATCH_ADMIN = True
+ TWO_FACTOR_STRIC = True

+ AUTH_USER_MODEL = 'accounts.STUser'
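
Review bot: 'two_factor.plugins.email' appears twice in INSTALLED_APPS, and Django raises ImproperlyConfigured at startup when an application is listed more than once, so one of the two entries should go. SECRET_KEY = os.getenv('SECRET_KEY') evaluates to None when the variable is unset; raising an explicit error at that line is safer than finding out on first use, and the ALLOWED_HOSTS line is cut off after the condition, so its fallback value cannot be checked here. TWO_FACTOR_STRIC should be confirmed against the django-two-factor-auth settings reference, since Django silently accepts setting names that nothing reads. The position of 'django_otp.middleware.OTPMiddleware' is hidden behind the # ... markers; it has to come after django.contrib.auth.middleware.AuthenticationMiddleware, because it attaches the OTP verification state to request.user.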

• Urls.py modifications:

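# django2fa/urls.py
from django.contrib import admin
from django.urls import path, include
from two_factor.urls import urlpatterns as tf_urls

urlpatterns = [
    path('admin/', admin.site.urls),
    # Login, setup and profile views provided by django-two-factor-auth
    path('', include(tf_urls)),
    # The project's own accounts app
    path('', include('accounts.urls')),
]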

Let's have the demo


• Running migrations and creating a superuser
• DEMO
Wrapping Up
Alright, alright, what are your thoughts? Was this helpful? My personal thought on
this is to look for all possible ways to authenticate users. What about "Sign in with
eyes, or DNA"? Don't think it is a joke.

Because the people who are crazy enough to think they can change the world, are
the ones who do. - STEVE JOBS
So are you crazy enough?

Top comments (4)

Ijeoma Jahsway • Mar 30

Sweet 😊
🏃🏃🏃

Joël Fah • Mar 28 • Edited

Been thinking about how to implement this some days ago ... I think I got my ref
now. Kudos!! 👏

Steve Yonkeu • Mar 28

Thanks!!!

I am glad you found the right info you needed.


c a • Mar 28

this is very cool, well done
