The ability to bypass multifactor authentication can be useful in certain use cases.

All types of Django auth do basically the same thing: They associate a browser session ID with a Django user if the user logs-in successfully.  I found a neat technique to bypass a Django login by modifying with a Django session, which can be useful for testing purposes. Why is...