Anvil Gets Extra Protection For Your Users
Protecting against password compromise – via phishing or data breaches – is increasingly important. That’s why we’re happy to announce that Anvil now comes with two factor authentication, protecting your app’s users even if their passwords are compromised!
Authentication is a fundamental part of keeping your users’ data safe. The problem is, getting it correct is a minefield. It requires time and deep understanding, and any slip-up can lead to disaster.
That’s why we built Anvil’s Users Service, a one-stop service for all of your authentication needs. The Users Service makes user management painless – it handles signup, login, email confirmation, password resets and more, using either your own user accounts or external providers such as Google, Facebook or Microsoft.
Now, the Users Service is getting even better. We have added Two-Factor Authentication, so that an attacker needs more than a compromised password. Like the rest of the Users Service, adding Two-Factor Authentication to your application is as easy as ticking a box:
Something you know and something you have
Most of the time, when building applications, a single factor of authentication is used such as a password. This works because it is something your users know – and, in a perfect world, something only they know.
Unfortunately, we don’t live in a perfect world. Stealing (or phishing) passwords is all too common – and if users re-use their password for another service and that service gets breached, attackers can use that password to access your services too. This is where Two-Factor Authentication comes in.
Two-Factor Authentication adds an additional layer of security and works by requiring something your users have: a physical device like a phone or hardware key. Anvil supports code-based TOTP applications such as Google Authenticator, as well as more secure hardware FIDO tokens such as Yubikeys.
How can you add it to your apps?
Good ideas should be easy to implement, so we’ve made it as simple as possible to add two-factor authentication (also known as multi-factor authentication) to your Anvil app. Simply tick a box in the Users Service:
Once added, users of your application will be prompted to provide two factors of authentication, their login and password and authentication by a hardware token such as a Yubikey or an authenticator app like Google Authenticator.
Because a user’s password alone is no longer enough to access their account, two-factor authentication dramatically improves the security of your application and therefore your users’ personal information.
Two-factor authentication is available to all Anvil users, from free users up to enterprise!
Fully Customisable from Code
Of course, all of this functionality is easy to drive from code, with simple Python APIs.
To read more about two-factor authentication with Anvil, check out the documentation:
How to try Anvil
If you’re new here, welcome! Anvil is a platform for building full-stack web apps with nothing but Python. No need to wrestle with JS, HTML, CSS, Python, SQL and all their frameworks – just build it all in Python.
Why not have a play with the app builder? It’s free! Click here to get started: