6 digit OTP for Two Factor Auth (2FA) is brute-forceable in 3 days
OTP/TOTP for two factor auth (2FA/MFA) is very easy to misunderstand and implement insecurely
A simple password-less, email-only login system
A simple password-less login system to consider for some use cases, with Django code.
Why escape-on-input is a bad idea
With examples from the web development world especially PHP, and lessons for Pythonistas
Updated validator and CsrfMiddleware
I've released some small updates to my 'Django validator app' and 'CsrfMiddleware'...