(Imported from Google Code)
Not sure if the idea is in-scope for passlib, just wanted to keep the idea here:
What features would the enhancement add?
2factor auth (like google authenticator uses, is standardized by rfc)
first "factor" is a normal username/password check (== passlib stuff), second "factor" is computation of a one-time number based on a shared secret (secret per site and per user).
What parts of the project would this effect?
Needs adding of a little code like there:
(there are also some python libraries on pypi)
Some already existing code of passlib could be (re)used in that context, like e.g. the random string generator - for generating the shared secret.
one issue: getting the shared secret into your (e.g. android) device is comfortable only by scanning some QR code (one could also type in the code, but that's tedious). not sure how to solve that without gettig into image generation business or doing requests to some google api or so. but maybe that part can be just left to the library user.