Opened 6 years ago

Closed 6 years ago

#29274 closed Cleanup/optimization (fixed)

Update the password list used by CommonPasswordValidator to a more recent list

Reported by: Brenton Cleeland Owned by: Jessica
Component: contrib.auth Version: 2.0
Severity: Normal Keywords: CommonPasswordValidator
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


There is a recently released list of common passwords from Troy Hunt / Have I Been Pwned that could be used as a basis for the CommonPasswordValidator.

Most of the top 20k have been unhashed and made available here by Royce Williams:

My suggestion would be to use this complete list, but I'd be open to using a smaller subset if the community would prefer.

Change History (4)

comment:1 by Tim Graham, 6 years ago

Triage Stage: UnreviewedAccepted
Type: New featureCleanup/optimization

comment:2 by Jessica, 6 years ago

Owner: changed from nobody to Jessica
Status: newassigned

comment:4 by Jessica, 6 years ago

Has patch: set
Last edited 6 years ago by Tim Graham (previous) (diff)

comment:5 by Tim Graham <timograham@…>, 6 years ago

Resolution: fixed
Status: assignedclosed

In 9333187:

Fixed #29274 -- Increased the number of common passwords from 1k to 20k.

Note: See TracTickets for help on using tickets.
Back to Top