Markus Holtermann
Markus Holtermann
I just opened a pull request for that: https://github.com/Bouke/django-two-factor-auth/pull/169
As with #98 I think that's a general enhancement django_otp should implement by rejecting a successfully proven token as invalid.
@moggers87 > Having thought about this some more, I'm wondering why D2FA views only look for a single StaticDevice - is there actually a use-case where a user would have...
This sounds like a valid feature request to work on.
/unstale
How/where did you submit the post? The second link (https://www.djangoproject.com/community/blogs/) is a "planet", collecting blog posts from several blogs out there, automatically.
I don't think that's a secure approach. You're reducing the key size by orders of magnitude. E.g. a 256-bit key (32 bytes) is now not `2**256` bits long anymore but...
> It's fine to split e.g. a 512 bit secret 8 bits at a time over a scheme using GF(2^8) because the scheme is information theoretic secure. You can't "attack"...
Obviously, please set `required=False` according to the [Django docs](https://docs.djangoproject.com/en/1.9/ref/forms/fields/#booleanfield)
Ah, that sounds legit.