id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
19743	Document limitations of django.contrib.auth	Aymeric Augustin	nobody	"django.contrib.auth aims to be very generic and doesn't provide some features commonly found in web authentication systems:

- password strength checking: requirements depend very much on the context.
- throttling of login attempts: possible with a custom auth backend, for example https://github.com/brutasse/django-ratelimit-backend (I haven't audited that code)
- external auth providers: possible with a custom auth backend, there are several third-party apps providing this feature.

The documentation should point out that these features aren't implemented to raise awareness."	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0