[Solved]-Django Two Factor Authentication

13👍

Steve, you can implement two-factor authentication in Django without the use of a paid 3rd party.

You can do it by implementing the pyOTP library directly, and then having the user use the Google Authenticator app. Since it is all math, there are no third-party services involved when the code is generated or validated.

I have implemented this on a Django website before. It involves setting up an OTP secret and verifying it. Then each time an auth is needed, generating the QR code for them to scan using a provisioning URI, then combining the 2FA verification with your auth. All of those steps can be done using the pyOTP library alone. (I also used the pyqrcode library to generate the scannable QR code.)

If you search you can probably find some examples of people who have already built out these smaller steps in bigger libraries, like this one.

If you wanted to offer SMS-based 2FA you would need to look at using Twilio. But that is perhaps a feature and not necessary.

👤Rob
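The TOTP flow Rob describes (secret at enrollment, otpauth provisioning URI for the Google Authenticator QR code, verification against the current 30-second step) as an added example that is not Rob's code and does not use pyOTP: it implements the same RFC 6238 HMAC-SHA1 math with only the standard library, so it runs offline. The account name and issuer are assumed values; `window` allows one step of clock drift on either side.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote


def generate_secret(nbytes: int = 20) -> str:
    """Random base32 secret created at enrollment; store it encrypted on the user's profile."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii").rstrip("=")


def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """otpauth:// URI to render as the QR code scanned by Google Authenticator."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            "&algorithm=SHA1&digits=6&period=30")


def totp(secret: str, for_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: HMAC-SHA1 over the time-step counter, dynamically truncated to `digits`."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8), casefold=True)
    counter = struct.pack(">Q", for_time // period)          # 8-byte big-endian step number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                # low nibble selects 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: str, code: str, now: Optional[int] = None, window: int = 1) -> bool:
    """Constant-time compare against the current step and +/- `window` neighbouring steps."""
    now = int(time.time()) if now is None else now
    return any(
        hmac.compare_digest(totp(secret, now + step * 30), code)
        for step in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Constructed enrollment for an assumed user; paste the URI into a QR library (e.g. pyqrcode).
    secret = generate_secret()
    print(provisioning_uri(secret, "alice@example.com", "ExampleDjangoSite"))
    print("current code:", totp(secret, int(time.time())))
```

Rate-limit `verify` per user and record the last accepted step so a captured code cannot be replayed within the window.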

4👍

Two-factor can work not only through SMS messages. It can also be implemented using, for example:

  • Pre-generated one-time passwords/pin codes
  • OTP/TOTP algorithm
  • email messages
  • Custom communication channel (like your own mobile app that will contact your server and fetch a login code)
  • U2F protocol (Yubikey etc)

This package supports all of those methods and even more. You can choose any of them, so there is no need to rely on a paid 3rd party SMS provider.
