Is webauthn the multi-factor / 2FA spec to implement now? It's now approved; so while you experts are working on it it may be worth a look to just implement webauthn while we have funding for experts

https://www.w3.org/TR/webauthn/

Discourse mentions FIDO. FIDO2 is webauthn, AFAIU.

There are a number of implementations:

https://pypi.org/search/?q=webauthn

https://github.com/topics/webauthn

On Friday, March 22, 2019, Sumana Harihareswara <sh@changeset.nyc> wrote:
Work has started on the Open Technology Fund-supported project to improve Warehouse security, accessibility, and internationalization. More details in today's progress report:

https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/2


best,
Sumana Harihareswara
Warehouse project manager
Changeset Consulting
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-leave@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/3E64P4GNVFSG4JA42OITJUCYU5H3QLAZ/