Maybe add those to local_settings.py.template as webauthn is enabled by default and we should encourage people to customize those values.
This should not be a migration file....
A migration file was added to remove all 2 factors auth of all users....
ah I see, if the yubikeys never have an actual button that can be pushed, "touch" is indeed fine.
great, if not too much work, can you remove the method option altogether and set it directly to text message?
we don't want to change the settings.py on each instance, this one is tracked on git....
ah, I see. good point, forgot that even if 2fa is not forced, it is still available
ok, let's keep it like that then. maybe it's better to actually get an exception if someone remove the key from the settings.
We just have to change it in the settings.py directly for each instance of smasch deployed....
Yh but even if FORCE_2FA is false, user can still decide to add a 2fa and thus at least one 2fa method must be enabled in any case.