Is webauthn the multi-factor / 2FA spec to implement now? It's now approved; so while you experts are working on it it may be worth a look to just implement webauthn while we have funding for experts
https://www.w3.org/TR/webauthn/
Discourse mentions FIDO. FIDO2 is webauthn, AFAIU.
There are a number of implementations:
https://pypi.org/search/?q=webauthn
https://github.com/topics/webauthn
On Friday, March 22, 2019, Sumana Harihareswara sh@changeset.nyc wrote:
Work has started on the Open Technology Fund-supported project to improve Warehouse security, accessibility, and internationalization. More details in today's progress report:
https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress- help-needed/1042/2
best, Sumana Harihareswara Warehouse project manager Changeset Consulting -- Distutils-SIG mailing list -- distutils-sig@python.org To unsubscribe send an email to distutils-sig-leave@python.org https://mail.python.org/mailman3/lists/distutils-sig.python.org/ Message archived at https://mail.python.org/archives/list/distutils-sig@ python.org/message/3E64P4GNVFSG4JA42OITJUCYU5H3QLAZ/