
MFA Implementation — Multi-Factor Authentication

17. 11. 2025 1 min read intermediate

The widely cited Microsoft figure is that MFA blocks more than 99.9% of automated account-compromise attacks; how much it blocks against a targeted, real-time phishing attack depends on the factor you choose. Implement TOTP (RFC 6238, the algorithm behind Google Authenticator and similar apps) or, better, WebAuthn (passkeys), which is origin-bound and therefore phishing-resistant.

TOTP Implementation

import pyotp

# One secret per user, generated at enrolment and stored encrypted at rest
secret = pyotp.random_base32()
totp = pyotp.TOTP(secret)
# otpauth:// URI, rendered as a QR code and scanned by the authenticator app
uri = totp.provisioning_uri("[email protected]", issuer_name="MyApp")

user_code = totp.now()  # stands in for the six-digit code the user submits
# valid_window=1 also accepts the previous and next 30 s step (clock drift);
# additionally reject any code already accepted in this window to block replay
ok = totp.verify(user_code, valid_window=1)  # True / False

Recovery Codes

import secrets

def generate_recovery_codes(count=10):
    # token_hex(4) gives 8 hex characters = 32 bits per code; that is only
    # adequate if the recovery-code endpoint is rate limited
    codes = [secrets.token_hex(4) for _ in range(count)]
    # Store only hashes in the DB, invalidate each code after one successful
    # use, and show the plaintext to the user ONCE
    return codes
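The storage and redemption side that the snippet above only describes in a comment, as an added example (not the page's code): codes are issued once in plaintext, persisted only as salted PBKDF2 hashes, and marked used on the first successful redemption. The `records` list of dicts is an assumed stand-in for the user's recovery-code rows; the 40-bit code length and the PBKDF2 round count are choices made here, not values from the page.

```python
import hashlib
import hmac
import secrets

# Added example, not the page's code: recovery codes shown once, stored only
# as salted slow hashes, and consumed on first use.

PBKDF2_ROUNDS = 50_000  # chosen here; slows offline guessing if the table leaks


def _hash_code(code: str, salt: bytes) -> bytes:
    # A 10-hex-char code has ~40 bits of entropy, so a fast hash would be
    # brute-forceable offline from a leaked DB; a per-code salt plus a slow
    # KDF makes that expensive.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def issue_recovery_codes(count: int = 10):
    """Return (plaintext codes to display once, records to persist).

    The plaintext list must never be stored; the records carry no plaintext."""
    plaintext, records = [], []
    for _ in range(count):
        code = secrets.token_hex(5)  # 10 hex characters, 40 bits
        salt = secrets.token_bytes(16)
        plaintext.append(code)
        records.append({"salt": salt, "hash": _hash_code(code, salt), "used": False})
    return plaintext, records


def redeem_recovery_code(records, candidate: str) -> bool:
    """Accept a code at most once. The candidate is checked against every
    unused record with a constant-time comparison; the match is consumed."""
    candidate = candidate.strip().lower().replace("-", "")  # tolerate user formatting
    matched = None
    for rec in records:
        if rec["used"]:
            continue  # already redeemed: a leaked old code is worthless
        if hmac.compare_digest(_hash_code(candidate, rec["salt"]), rec["hash"]):
            matched = rec
    if matched is None:
        return False
    matched["used"] = True  # persist this flag in the same transaction as the login
    return True


if __name__ == "__main__":
    shown_once, stored = issue_recovery_codes(3)
    print(shown_once)                                  # display to user, then forget
    print(redeem_recovery_code(stored, shown_once[0]))  # True
    print(redeem_recovery_code(stored, shown_once[0]))  # False: single use
```

Regenerating the set after any single redemption, and rate limiting the redemption endpoint, are the two operational rules that go with this; the 40-bit codes are short enough to guess online if the endpoint is unthrottled.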

Recommendations

  1. TOTP as the minimum: works offline, but a code can still be phished and relayed in real time
  2. WebAuthn/Passkeys as the most secure option: origin-bound, so a phishing site cannot reuse the assertion
  3. SMS only as a fallback (SIM-swap and interception risk)
  4. Recovery codes for device loss: hashed at rest, single-use
  5. Enforce MFA for all admin and privileged roles; do not leave it opt-in

Key Takeaway

TOTP is minimum, passkeys are the future. SMS only as fallback. MFA for all admin accounts.

Tags: security, mfa, totp, webauthn

CORE SYSTEMS team

We build core systems and AI agents that keep operations running. 15 years of experience with enterprise IT.