
Support for Two-Factor Authentication

Open TebbeUbben opened this issue 5 years ago • 1 comments

Since Open Humans is dealing with very sensitive data, you should evaluate adding support for two-factor authentication to better protect the users' data. There is a variety of options available to realize this, not limited to:

  • HOTP/TOTP
  • SMS codes
  • WebAuthn
  • Recovery codes

2FA should be required for accounts with very strong security concerns such as admins and project leaders.

TebbeUbben, Jan 06 '20 18:01

I think it would be good to have this. There are some accounts (admin & project leaders) where ensuring the account control isn't breached is far more important than "average users".

Since we're already using django-allauth for password & social logins, I guess the first thing to do will be to look into https://github.com/percipient/django-allauth-2fa

madprime, Jan 06 '20 19:01