A Django project demonstrating Two-Factor Authentication (2FA) using Time-Based (TOTP) and HMAC-Based One-Time Passwords (HOTP), with Docker and PostgreSQL. This implementation adds an extra layer of security by requiring users to verify themselves using a code generated by an authenticator app like Google Authenticator.
Read the full blog post for a detailed walkthrough: Link to Blog Post
- User Registration and Login
- 2FA Setup via QR Code: Users scan a QR code to link their authenticator app (e.g., Google Authenticator).
- TOTP Authentication: Users enter a code from their authenticator app for verification.
- Restricted Access Page: Verified users can access protected content.
Docker & Docker Compose
Python 3.12+ (if running locally)
PostgreSQL 17+ (if running locally)
Clone the repository:
git clone <repository-url> && cd <repository-folder>
Start Docker Containers:
docker-compose up --build
Run Migrations and Create Superuser:
docker-compose exec web python manage.py migrate
docker-compose exec web python manage.py createsuperuser
The application will be accessible at http://localhost:8000.
Place any necessary variables in a .env file:
POSTGRES_DB=db
POSTGRES_USER=db_user
POSTGRES_PASSWORD=db_pass
DJANGO_SECRET_KEY=your_secret_key