Skip to content
Related Articles

Related Articles

Related Articles

Save Article
Improve Article
Save Article
Like Article

Securing Django Admin login with OTP (2 Factor Authentication)

  • Last Updated : 01 Nov, 2020

Multi factor authentication is one of the most basic principle when adding security for our applications. In this tutorial, we will be adding multi factor authentication using OTP Method. This article is in continuation of Blog CMS Project in Django. Check this out here – Building Blog CMS (Content Management System) with Django

Setup 2 Factor Authentication for Django Project

We will install TOTP package for our blog CMS which will add OTP security for our admin login. First install django-otp package

 Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.  

To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course. And to begin with your Machine Learning Journey, join the Machine Learning - Basic Level Course

pip install django-otp

 and add ‘django_otp, django_otp.plugins.otp_totp‘ in our installed apps and django_otp.middleware.OTPMiddleware in middleware section of our settings file. 



Python3




INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django_otp',
    'django_otp.plugins.otp_totp'
  
]
  
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django_otp.middleware.OTPMiddleware'
]
Now run,
# migrate our app
python3 manage.py migrate
Creating a TOTP Device – 
Now log into django admin to create an TOTP device. You can see it after logging in
login page
Click add and fill the details to create a new TOTP qrcode
add TOTP devices
 Now again go into totp device section and open the QRcode and scan it with your TOTP apps like Authy, Google Authenticator apps.
scan the qrcode
Set Admin OTP Class –
Now go into django urls.py file in gfgblog, not in blog urls.py and add the lines
Python3



from django_otp.admin import OTPAdminSite
  
admin.site.__class__ = OTPAdminSite
Output –
Now logout and login into django admin you have enter OTP everytime you need to login into django admin.
django admin with OTP
Some Basic Security Principles to follow
  • Keep Debug = False in Production
  • Limit Allowed hosted to our Server IP, localhost, and hostnames
  • Keep Secret key strong and safe
  • All ways use HTTPS  in Production
  • Keep a check on user uploads if being managed by multiple users
  • Keep your database secure and don’t use SQLite in Production
  • Try to use Security and content headers in production, a few headers are given below add these in Settings.py
Python3



SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True
CSRF_COOKIE_SECURE = True



My Personal Notes
arrow_drop_up
Previous
What is PHP and Why we use it ?
Next

How to add RSS Feed and Sitemap to Django project?
Recommended Articles
Page :
Firebase Authentication with Phone Number OTP in Android
29, Dec 20
Python | Django Admin Interface
05, Jun 18
Customize Django Admin Interface
06, Mar 20
Render Model in Django Admin Interface
23, Oct 19
Django Admin - Redesign and Customization
27, Oct 20
Authentication Bypass using SQL Injection on Login Page
14, Nov 20
Importance of Two Factor Authentication
05, Feb 21
Django Sign Up and login with confirmation Email | Python
29, Jul 19
Securing Web Applications
20, Nov 20
Python Django | Google authentication and Fetching mails from scratch
17, Oct 18
Implement Token Authentication using Django REST Framework
06, Nov 19
JWT Authentication with Django REST Framework
26, Apr 20
Basic Authentication - Django REST Framework
14, Sep 21
Django Authentication Project with Firebase
14, Jan 21
JavaScript | Program to generate one-time password (OTP)
12, Oct 18
One Time Password (OTP) algorithm in Cryptography
31, Jan 19
Python Program to create an OTP by squaring and concatenating the odd digits of a number
11, Feb 20
Python Program to generate one-time password (OTP)
16, Oct 18
Styling Django Forms with django-crispy-forms
20, Oct 20
How to customize Django forms using Django Widget Tweaks ?
03, Jan 21
Adding Tags Using Django-Taggit in Django Project
20, Oct 20
Integrating Django with Reactjs using Django REST Framework
23, Sep 21
Facebook Login using Python
07, Sep 17
Automated Login For Captive Portals in Linux
12, Feb 20
Article Contributed By :
https://media.geeksforgeeks.org/auth/avatar.png
kushwanthreddy
@kushwanthreddy
Vote for difficulty





Article Tags :
Report Issue

We use cookies to ensure you have the best browsing experience on our website. By using our site, you
acknowledge that you have read and understood our
Cookie Policy &
        Privacy Policy

Lightbox