Opened 8 years ago
Closed 8 years ago
#27568 closed New feature (wontfix)
Add new Entropy Password Validator to django.contrib.auth.password_validation
| Reported by: | Alexander Ovchinnikov | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | auth password_validation password validation validator Shannon entropy |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I inspired from https://github.com/tarak/django-password-policies/blob/master/password_policies/forms/validators.py#L267
I feel, we need such validator in django auth, enabled by default.
It can prevent passwords like 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Note:
See TracTickets
for help on using tickets.
This seems fine as a third-party app to me. Presumably some thought went into what validators should be built-in when the password validation was first added in Django. Please write to the DevelopersMailingList if you want other opinions. In particular, I'd like to know what criteria you'd use to determine whether or not a validator should be built-in. Thanks.