django-u2f
django-u2f copied to clipboard
gavinwahl
FIDO U2F security token support for Django
Backup codes by themselves are not a good option for multi-factor authentication, and yet at present it is too easy for users to generate backup codes and, in the process,...
I updated from an earlier version of django-u2f, and none of the key communication works. I can't sign in or add a new key. The javascript console shows: ``` u2f-api.js:607...
I’ve seen error messages that weren’t encapsulated in the `gettext_lazy()` function. We should make sure that every string echoed by Django-U2F is ready to be translated, and provide a second...
Any exception (for example, a `JSONDecodeError`) while decoding the responses from the client leads to an error page instead of showing the form again with a readable error
We want templates that could be used in a real environment without too many shame, for a start
Implemented a TODO related to a token's counter. The counter is [stored by the token, starts at 0](http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-implementation-considerations-ps-20141009.html#token-counters), and should always increase. If not, it [may be an indication that...
Sample report: https://coveralls.io/github/moreati/django-u2f
Yubico says that challenges should expire: https://developers.yubico.com/U2F/Libraries/Advanced_topics.html > #### Challenge Expiration > > It is good practice to treat challenges older than X minutes as expired.
