
Multifactor Authentication with Django MFA using Google Authenticator

What is MFA?

Multifactor authentication (MFA) is a security system that requires more than one method of authentication to verify the user’s identity for a login or other transaction.

Why go for MFA?

One of the major problems with traditional user ID and password login is the need to maintain a password database.

Whether encrypted or not, if the database is captured it provides the hacker with a source to verify his guesses at speeds limited only by his hardware resources.

Given enough time, a captured password database will fall. To guard against this kind of break, we prefer multifactor authentication.

How Does Multifactor Authentication Work?

There are multiple ways to provide the additional factor, such as hardware devices that the user carries to authorize access to a network service.

Software-based security token applications generate a single-use login PIN.

Soft tokens are often used for multifactor mobile authentication, in which the device itself, such as a smartphone, provides the possession factor. Other options are SMS messages and phone calls sent to a user as an out-of-band method, and smartphone OTP apps.

Enabling MFA for Your Account

A user should follow these steps to enable MFA for their account.

  1. The user enables MFA by scanning a QR code with the Google Authenticator app.
  2. After enabling MFA, they log in to their account by entering the code shown in the Google Authenticator app.
  3. The user can recover their account by using recovery codes.

In this blog post, we will see how to implement MFA in Django.

How can we implement MFA in Django:

There is an awesome package for Django called Django-MFA, which gives us flexibility in how we set up MFA.

Django-MFA can generate two types of one-time passwords: HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP).

In this blog post, we will see how to enable the TOTP-based MFA using Django-MFA.

We can add MFA to a project using Django-MFA by following these simple steps.

  1. Install Django-MFA with the following command.
    pip install django-mfa
  2. Keep the following settings in your settings.py
    INSTALLED_APPS = [
        ...
        'django_mfa',
    ]
    MIDDLEWARE_CLASSES = [
        ...
        'django_mfa.middleware.MfaMiddleware',
    ]
  3. Include the following in your root urls.py
    from django.conf.urls import include, url
    urlpatterns = [
        ...
        url(r'^settings/', include('django_mfa.urls', namespace="mfa")),
    ]

That's it; you now have MFA in your Django project. Once you have followed the above steps, go to "/settings/security/" in your address bar to get the flow for enabling MFA on your account.

Get The Code in Our Git Repository: https://github.com/MicroPyramid/django-mfa

For detailed documentation, visit: http://django-mfa.readthedocs.io/en/latest/index.html

Posted on 07 September 2016 by Micropyramid
