A translatable password validator for django, based on zxcvbn-python.
Project description
django-zxcvbn-password-validator
A translatable password validator for django, based on zxcvbn-python and available with pip.
Professional support for django-zxcvbn-password-validator is available as part of the Tidelift Subscription
Translating the project
This project is available in multiple language. Your contribution would be very appreciated if you know a language that is not yet available. See how to contribute
Language available
The software is developed in english. Other available languages are :
- Dutch thanks to Thom Wiggers
- French thanks to Pierre Sassoulas and Lionel Sausin
- English
Creating a user with django-zxcvbn-password-validator
If the password is not strong enough, we provide errors explaining what you need to do :
The error message are translated to your target language (even the string given by zxcvbn that are in english only) :
How to use
Add django-zxcvbn-password-validator
to your requirements and get it with pip. Then
everything happens in your settings file.
Add 'django_zxcvbn_password_validator'
in the INSTALLED_APPS
:
INSTALLED_APPS = [
# ...
"django_zxcvbn_password_validator"
]
Modify AUTH_PASSWORD_VALIDATORS
:
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django_zxcvbn_password_validator.ZxcvbnPasswordValidator",
},
# ...
]
You could choose to use zxcvbn alone, but I personally still use Django's
UserAttributeSimilarityValidator
, because there seems to be still be some problem with
it integrating user information with zxcvbn (as of june 2018).
Finally, you can set the PASSWORD_MINIMAL_STRENGTH
to your liking (default is 2),
every password scoring lower than this number will be rejected :
# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks.
# (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks.
# (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario.
# (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario.
# (guesses >= 10^10)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-zxcvbn-password-validator-1.4.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3ef6870d967de8cfaa096c784d6f3f1fcdea9231fc07f350549c65107430a1f0 |
|
MD5 | b81fabca2dd372af7f9984c88f30eda1 |
|
BLAKE2b-256 | 9a21ed5198bb234758266ebd4693057ca49378c243c57766e6fa6b5a95eecf8c |
Hashes for django_zxcvbn_password_validator-1.4.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e3b8bcb27d8e77b0098504c94ccc05c4ae84e1385cee5cbd58f9626a9ef96c47 |
|
MD5 | d9b69255f2a8f3768f660bb9f62ec9bb |
|
BLAKE2b-256 | db0a369b9f46969c24197aceaae9abd1712345b8e993c570a418293c14b12ba2 |