Is webauthn the multi-factor / 2FA spec to implement now? It's now approved; so while you experts are working on it it may be worth a look to just implement webauthn while we have funding for experts
Discourse mentions FIDO. FIDO2 is webauthn, AFAIU.
There are a number of implementations:
On Friday, March 22, 2019, Sumana Harihareswara firstname.lastname@example.org wrote:
Work has started on the Open Technology Fund-supported project to improve Warehouse security, accessibility, and internationalization. More details in today's progress report:
best, Sumana Harihareswara Warehouse project manager Changeset Consulting -- Distutils-SIG mailing list -- email@example.com To unsubscribe send an email to firstname.lastname@example.org https://mail.python.org/mailman3/lists/distutils-sig.python.org/ Message archived at https://mail.python.org/archives/list/distutils-sig@ python.org/message/3E64P4GNVFSG4JA42OITJUCYU5H3QLAZ/