A translatable password validator for django, based on zxcvbn-python.
Project description
django-zxcvbn-password-validator
A translatable password validator for django, based on zxcvbn-python and available with pip.
Professional support for django-zxcvbn-password-validator is available as part of the Tidelift Subscription
Translating the project
This project is available in multiple language. Your contribution would be very appreciated if you know a language that is not yet available. See how to contribute
Language available
The software is developed in english. Other available languages are :
- Dutch thanks to Thom Wiggers
- French thanks to Pierre Sassoulas and Lionel Sausin
- Brazilian Portuguese thanks to Andrés Martano
- English
Creating a user with django-zxcvbn-password-validator
If the password is not strong enough, we provide errors explaining what you need to do :
The error message are translated to your target language (even the string given by zxcvbn that are in english only) :
How to use
Add django-zxcvbn-password-validator to your requirements and get it with pip. Then
everything happens in your settings file.
Add 'django_zxcvbn_password_validator' in the INSTALLED_APPS :
INSTALLED_APPS = [
# ...
"django_zxcvbn_password_validator"
]
Modify AUTH_PASSWORD_VALIDATORS :
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django_zxcvbn_password_validator.ZxcvbnPasswordValidator",
},
# ...
]
You could choose to use zxcvbn alone, but I personally still use Django's
UserAttributeSimilarityValidator, because there seems to be still be some problem with
it integrating user information with zxcvbn (as of june 2018).
Finally, you can set the PASSWORD_MINIMAL_STRENGTH to your liking (default is 2),
every password scoring lower than this number will be rejected :
# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks.
# (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks.
# (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario.
# (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario.
# (guesses >= 10^10)
PASSWORD_MINIMAL_STRENGTH = 0 if DEBUG else 4
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_zxcvbn_password_validator-1.4.5.tar.gz.
File metadata
- Download URL: django_zxcvbn_password_validator-1.4.5.tar.gz
- Upload date:
- Size: 17.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7cc697f2c2d873e8681374f6b777f06534e70d7c612929f1604427011d8745a4 |
|
| MD5 | 32eb97f557a15eaf23af17bec664a28b |
|
| BLAKE2b-256 | e684501070029bf091c57063d51745012b151f5ece486cd5c9ffa41914b0bc26 |
File details
Details for the file django_zxcvbn_password_validator-1.4.5-py3-none-any.whl.
File metadata
- Download URL: django_zxcvbn_password_validator-1.4.5-py3-none-any.whl
- Upload date:
- Size: 25.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1879f8803e5adbed5462093ccd89a583d2da2af264fbc1347a28785545219327 |
|
| MD5 | 0cca50a29ef2ef22511a3c536c6f03dc |
|
| BLAKE2b-256 | 11cff5bd73b14d21bd759515cf5384f072c161ae63235a08ae02a9d65d0640e3 |
