A translatable password validator for django, based on zxcvbn-python.
Project description
django-zxcvbn-password-validator
A translatable password validator for django, based on zxcvbn-python and available with pip.
Professional support for django-zxcvbn-password-validator is available as part of the Tidelift Subscription
Translating the project
This project is available in multiple language. Your contribution would be very appreciated if you know a language that is not yet available. See how to contribute
Language available
The software is developed in english. Other available languages are :
- Dutch thanks to Thom Wiggers
- French thanks to Pierre Sassoulas and Lionel Sausin
- Brazilian Portuguese thanks to Andrés Martano
- English
Creating a user with django-zxcvbn-password-validator
If the password is not strong enough, we provide errors explaining what you need to do :
The error message are translated to your target language (even the string given by zxcvbn that are in english only) :
How to use
Add django-zxcvbn-password-validator
to your requirements and get it with pip. Then
everything happens in your settings file.
Add 'django_zxcvbn_password_validator'
in the INSTALLED_APPS
:
INSTALLED_APPS = [
# ...
"django_zxcvbn_password_validator"
]
Modify AUTH_PASSWORD_VALIDATORS
:
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django_zxcvbn_password_validator.ZxcvbnPasswordValidator",
},
# ...
]
You could choose to use zxcvbn alone, but I personally still use Django's
UserAttributeSimilarityValidator
, because there seems to be still be some problem with
it integrating user information with zxcvbn (as of june 2018).
Finally, you can set the PASSWORD_MINIMAL_STRENGTH
to your liking (default is 2),
every password scoring lower than this number will be rejected :
# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks.
# (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks.
# (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario.
# (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario.
# (guesses >= 10^10)
PASSWORD_MINIMAL_STRENGTH = 0 if DEBUG else 4
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django_zxcvbn_password_validator-1.4.5.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7cc697f2c2d873e8681374f6b777f06534e70d7c612929f1604427011d8745a4 |
|
MD5 | 32eb97f557a15eaf23af17bec664a28b |
|
BLAKE2b-256 | e684501070029bf091c57063d51745012b151f5ece486cd5c9ffa41914b0bc26 |
Hashes for django_zxcvbn_password_validator-1.4.5-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1879f8803e5adbed5462093ccd89a583d2da2af264fbc1347a28785545219327 |
|
MD5 | 0cca50a29ef2ef22511a3c536c6f03dc |
|
BLAKE2b-256 | 11cff5bd73b14d21bd759515cf5384f072c161ae63235a08ae02a9d65d0640e3 |