ThomasWaldmann
commented
10 years ago Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
see also issue #380 - maybe better?
Open ThomasWaldmann opened 11 years ago
ThomasWaldmann
commented
10 years ago Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
see also issue #380 - maybe better?
ThomasWaldmann
commented
11 years ago Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
btw, it is important to also implement a switch to and away from 2fa, so not all users are required to use it (see how google and others handle it).
ThomasWaldmann
commented
11 years ago Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
a simple flask demo app for otp / 2factor
ThomasWaldmann
commented
11 years ago Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
here is an existing implementation for wordpress:
http://wordpress.org/extend/plugins/google-authenticator/screenshots/
Original report by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
The original report had attachments: flaskapp.py
add support for apps like google authenticator, use pyotp, oath or just some builtin code.
http://stackoverflow.com/questions/8529265/google-authenticator-implementation-in-python
maybe needs some additional code to generate qr code for the shared secret, e.g.:
https://github.com/lincolnloop/python-qrcode
see also the passlib issue about this:
http://code.google.com/p/passlib/issues/detail?id=44
Note: while not strictly required, it is useful to have a device that can scan a qrcode for this task. otherwise you have to somehow otherwise share the secret.