QueraTeam / django-pwned

Licence: MIT license
A collection of Django password validators

Django Pwned

A collection of Django password validators.

Compatibility

  • Python: 3.6, 3.7, 3.8, 3.9, 3.10
  • Django: 3.2, 4.0

Installation

pip install django-pwned

For translations to work, add django_pwned to INSTALLED_APPS.

TL;DR:

AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django_pwned.validators.GitHubLikePasswordValidator"},
    {"NAME": "django_pwned.validators.MinimumUniqueCharactersPasswordValidator"},
    {"NAME": "django_pwned.validators.PwnedPasswordValidator"},
]

Validators

PwnedPasswordValidator(request_timeout=1.5)

This validator uses the Pwned Passwords API to check for compromised passwords.

Internally, this validator first checks the password with Django's CommonPasswordValidator and, only if the password is not in Django's list, queries the Pwned Passwords API. You can therefore remove CommonPasswordValidator if you're using this validator.

AUTH_PASSWORD_VALIDATORS = [
    # ...
    # {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django_pwned.validators.PwnedPasswordValidator"},
    # ...
]

You can set the API request timeout with the request_timeout parameter (in seconds).

If the request to the Pwned Passwords API fails for any reason (connection issues, timeout, ...), this validator skips the API check, so the lookup fails open rather than rejecting the password.
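The range lookup that the Pwned Passwords API offers, together with the skip-on-failure behaviour described above, as an added example (not django-pwned's own code). The function names, the PasswordRejected stand-in for Django's ValidationError, and the fake fetchers with their counts are constructed for illustration.

```python
import hashlib

class PasswordRejected(ValueError):
    """Stand-in for django.core.exceptions.ValidationError (keeps this Django-free)."""

def sha1_parts(password):
    """Split the upper-case SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def pwned_count(password, fetch_range):
    """Return how often the password appears in the bucket, or 0 if it is absent."""
    prefix, suffix = sha1_parts(password)
    body = fetch_range(prefix)  # only the prefix is sent; the match is done locally
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def validate(password, fetch_range):
    """Reject breached passwords; skip the check if the lookup fails (README behaviour)."""
    try:
        count = pwned_count(password, fetch_range)
    except (OSError, ValueError):  # timeout, connection error, malformed body
        return "skipped"
    if count:
        raise PasswordRejected(f"password seen {count} times in breach data")
    return "checked"

# Constructed test doubles. A real fetch_range would GET
# https://api.pwnedpasswords.com/range/<prefix> with a request timeout.
BREACHED = {"password": 1000, "123456": 2000}  # made-up counts
SENT = []  # everything that would have left the process

def fake_fetch(prefix):
    SENT.append(prefix)
    lines = ["0" * 35 + ":1"]  # decoy suffix sharing the bucket
    for known, count in BREACHED.items():
        known_prefix, known_suffix = sha1_parts(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)  # the API separates "SUFFIX:COUNT" lines with CRLF

def down_fetch(prefix):
    raise TimeoutError("constructed failure: API unreachable")

if __name__ == "__main__":
    print(validate("correct horse battery staple", fake_fetch))
    print(validate("password", down_fetch))
    print(SENT)
```

Because a failed lookup is indistinguishable from a clean result to the caller of a real validator, logging or counting the skipped outcome is what lets an operator notice that checks are silently not happening.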

GitHubLikePasswordValidator(min_length=8, safe_length=15)

Validates whether the password is at least:

  • 8 characters long, if it includes a number and a lowercase letter, or
  • 15 characters long with any combination of characters

Based on GitHub's documentation about creating a strong password.

You may want to disable Django's NumericPasswordValidator and MinimumLengthValidator if you use GitHubLikePasswordValidator.

The minimum number of characters can be customized with the min_length parameter. The length from which the requirement for both a number and a lowercase letter no longer applies can be customized with the safe_length parameter.

MinimumUniqueCharactersPasswordValidator(min_unique_characters=4)

Validates whether the password contains at least 4 unique characters. For example aaaaaaaaaabbbbbbccc is an invalid password, but aAbB is a valid password.

The minimum number of unique characters can be customized with the min_unique_characters parameter.
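How the GitHubLikePasswordValidator and MinimumUniqueCharactersPasswordValidator rules complement each other, as an added example (not django-pwned's code) that implements the two rules as this README words them. The function names are hypothetical, "number" is read as str.isdigit, and every sample password other than aaaaaaaaaabbbbbbccc and aAbB is constructed.

```python
def github_like_ok(password, min_length=8, safe_length=15):
    """Length rule as the README states it (assumed reading, not the project's code)."""
    if len(password) >= safe_length:
        return True  # at safe_length and above, any characters are accepted
    has_digit = any(ch.isdigit() for ch in password)
    has_lower = any(ch.islower() for ch in password)
    return len(password) >= min_length and has_digit and has_lower

def unique_chars_ok(password, min_unique_characters=4):
    """Count distinct characters; case matters, so 'a' and 'A' are different."""
    return len(set(password)) >= min_unique_characters

RULES = [("github_like", github_like_ok), ("min_unique", unique_chars_ok)]

def failed_rules(password):
    """Names of the rules the password violates, in configuration order."""
    return [name for name, rule in RULES if not rule(password)]

SAMPLES = [
    "aaaaaaaaaabbbbbbccc",  # README example: long enough, but only 3 distinct chars
    "aAbB",                 # README example: 4 distinct chars, but far too short
    "11111111a",            # digit + lowercase at 9 chars, yet only 2 distinct chars
    "ABCDEFG1",             # 8 chars with a digit, but no lowercase letter
    "abcdefghijklmn",       # 14 chars without a digit: one short of safe_length
    "abcdefghijklmno",      # 15 chars: composition requirement no longer applies
    "abcdefg1",             # passes both rules
]

def report():
    """Map each sample password to the rules it fails."""
    return {password: failed_rules(password) for password in SAMPLES}

if __name__ == "__main__":
    for password, failed in report().items():
        print(f"{password!r}: {'rejected by ' + ', '.join(failed) if failed else 'accepted'}")
```

Neither rule covers the other's gap, which is why the TL;DR configuration lists both; neither says anything about whether a password is already in breach data.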

Development

  • Create and activate a Python virtualenv.
  • Install development dependencies in your virtualenv: pip install -e '.[dev]'
  • Install pre-commit hooks: pre-commit install
  • Run tests with coverage: py.test --cov

License

MIT
