Open llann opened 6 years ago
There's a django-otp-yubikey
that would likely make this easy to integrate. Probably need to solve #23 first though.
Just so others are aware, you can install django-otp-yubikey in settings.py and use the yubikey authenticator app (downloaded from the yubikey website) to scan the QR code produced by django-allauth-2fa and generate an OTP that the hardware yubikey can now use to log in via django-allauth-2fa, just like google-authenticator and other authenticator mobile apps do. I didn't have to change any django-allauth-2fa code to use OTP with the yubikey.
It is now recommended to use webauthn as opposed to U2F (see below).
FIDO1 is older while FIDO2 is newer and uses more of a PKI approach.
U2F is supported on both FIDO1 and FIDO2, but FIDO2 U2F is better.
https://security.stackexchange.com/questions/220752/fido-and-fido2-differences
U2F / CTAP1 = Second-factor authentication scheme in addition to the first factor (the user's password). The yubikey is what you have and a password is what you know.
UAF = First factor authentication only. Think biometrics like a fingerprint. Passwordless.
Webauthn = Part of FIDO2. Uses a javascript API for browser authentication where the browser talks to the yubikey device.
CTAP2 = Part of FIDO2. How a yubikey can talk to a browser and OS. Used to enable a passwordless, second-factor or multi-factor authentication experience.
Webauthn:
https://www.youtube.com/watch?v=jilKhi67qG0
https://gitlab.com/stavros/django-webauthin
https://github.com/shemigon/django-webauthn
https://github.com/duo-labs/py_webauthn
FIDO2:
https://github.com/CZ-NIC/django-fido
https://github.com/Yubico/python-fido2
https://developers.yubico.com/python-fido2/
If someone were to make a PR, here is a good demo to replicate for django-allauth-2fa:
https://demo.yubico.com/webauthn-technical/registration
Django MFA2 App:
Supporting U2F so users can connect with a Yubikey, either by integrating django-u2f or by implementing it directly, would be a nice feature.