#29274 closed Cleanup/optimization (fixed)

Update the password list used by CommonPasswordValidator to a more recent list

Reported by: Brenton Cleeland Owned by: Jessica
Component: contrib.auth Version: 2.0
Severity: Normal Keywords: CommonPasswordValidator
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

There is a recently released list of common passwords from Troy Hunt / Have I Been Pwned that could be used as a basis for the CommonPasswordValidator.

Most of the top 20k have been unhashed and made available here by Royce Williams:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7

My suggestion would be to use this complete list, but I'd be open to using a smaller subset if the community would prefer.

Change History (4)

comment:1 Changed 19 months ago by Tim Graham

Triage Stage: UnreviewedAccepted
Type: New featureCleanup/optimization

comment:2 Changed 19 months ago by Jessica

Owner: changed from nobody to Jessica
Status: newassigned

comment:4 Changed 18 months ago by Jessica

Has patch: set
Last edited 18 months ago by Tim Graham (previous) (diff)

comment:5 Changed 18 months ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In 9333187:

Fixed #29274 -- Increased the number of common passwords from 1k to 20k.

Note: See TracTickets for help on using tickets.
Back to Top