Use Multi-Factor Authentication Everywhere Because Passwords Are Terrible
a talk by Justin Mayer
When we deploy web applications, users entrust their data to us and expect that we will protect it. Meanwhile, recent high-profile breaches have underscored the risks of username+password authentication, which is the default in Django and other Python web frameworks. One of the best ways to mitigate this risk and protect our users’ data is to add multi-factor authentication (MFA) capability to our applications: one-time passwords (TOTP), hardware keys (Yubikeys, U2F, etc.), email-based authentication etc.
You will learn how to implement U2F key and TOTP-based multi-factor authentication in your own Python-based web applications in just a few minutes.
This talk is suitable for both beginner and advanced Pythonistas.
I am an active open-source contributor and advocate for stronger security and privacy.
My latest projects include Monitorial.com, a solution for identifying and addressing potential security vulnerabilities, and Fortressa.com, which enables anyone to create their own private, self-contained VPN. I am the primary maintainer of the Pelican static site generator, Django-Elevate, and various other open-source projects.
I speak fluent Japanese and I can usually be found with a glass of Valpolicella in one hand, and Taleggio in the other. (Wine and cheese, respectively.)