Skip to main content

PCI-compliant authentication application for Django 1.4+. Uses "best of" existing libraries then fills in the gaps.

Project description


Django 1.4+ only

This library integrates the current Django “best of” PCI auth libraries into a single application, then fills in the gaps. Filling gaps may involve making additional decisions for you, as suggested by Django Documentation e.g.:

Or in some cases additional functionality may be provided by this library e.g.:

  • Database models to persist event data e.g. lockouts


  • Stronger password hashing that allows for selection of hashing algorithm scrypt, bcrypt, PBKDF2, etc. via [1]

  • Checking for strong passwords with a default length setting overrideable in [2]

  • Integrate strong passwords into Django Admin.

  • Lock out account for n minutes after x failed log-in attempts. [3]

  • Set inactivity timeouts.

  • Generate event/email when lock-out occurs.

  • Set flags disallowing certain accounts to be locked out.

  • Log every log-on and explicit log-out (not necessary to log timed out log-ins).

  • Track last four passwords and do not allow re-use.

  • Force password reset after X amount of time.

XXX Below not done

  • Provide JavaScript to check for strong passwords inline.

    • Javascript code should check the Django settings via AJAX re: password length min/max, etc.


Before you use this library in your applications you may wish to demo its functionality. To do so, follow these steps:

$ virtualenv .
$ bin/pip install django-pci-auth
$ bin/ syncdb --settings=django_pci_auth.settings
$ bin/ runserver --settings=django_pci_auth.settings



A list of libraries included:


A list of relevant articles:


Stronger password hashing

This is a built-in feature in Django 1.4+. Documented here for convenience:

    # From
    # "[redacted] This means that Django will use the first hash in the list
    # to store all passwords, but will support checking passwords stored with
    # the rest of the hashes in the list. If you remove a hash from the list
    # it will no longer be supported.

Password Reuse

How many old passwords will you store? This feature will prevent users from using the same passwords over and over again; it will keep the last OLD_PASSWORD_STORAGE_NUM number of passwords around and remove anything older. E.g.:



Overview of features

Password length enforcement

Failed login attempts log


This software is licensed under the same BSD license that Django is licensed under. See: LICENSE.



0.0.4 (2012-11-28)

  • Pre-release, includes most features promised. [aclark4life]

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution (160.3 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page