So, I have been digging a little bit more and it seems there was a conscious decision to not include an entropy check or character classes: https://groups.google.com/g/django-developers/c/9GBhgGXmEKs/m/toKKgGhaqewJ -- But I have to admit that this is all I could find and I was rather surprised when you brought up the topic. I certainly would also have expected stronger validation by default (then again I tend to customize those settings very early on usually) -- maybe some kind of entropy check (but it's hard to write a good error message on those).
I just double checked and hhhhhhhh/pppppppp are indeed in the common password list. Funny that they seem to be a) common enough to be included there and b) commoner than let's say iiiiiiii. Cheers, Florian On Tuesday, October 6, 2020 at 5:59:30 PM UTC+2 hcharpent...@gmail.com wrote: > > Oh I see... > Thank you! > On Tuesday, October 6, 2020 at 4:30:34 PM UTC+2 f.apo...@gmail.com wrote: > >> Seem to be expected behaviour (albeit somewhat suboptimal :D). The >> default validators are: >> https://github.com/django/django/blob/999cddd58d30469f3ee85278985313fdf528323d/django/conf/project_template/project_name/settings.py-tpl#L87-L100 >> >> and from the looks of it hhhhhhhh/pppppppp is in the list of common >> passwords, whereas iiiiiiii/&&&&&&&& is not. >> >> On Tuesday, October 6, 2020 at 3:32:51 PM UTC+2 hcharpent...@gmail.com >> wrote: >> >>> >>> Hi, >>> When you create or modify a user account, the password has to be min. 8 >>> characters long, not only numbers, not too simple. >>> But is it normal that you can use 8 times the same character? >>> E.g.: "hhhhhhhh", "pppppppp" are not allowed as a password ; "iiiiiiii", >>> "&&&&&&&&" are allowed... >>> Thank you and have a nice day! >>> >> -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0f381205-ba70-4b89-9f34-5a2c459ac5f5n%40googlegroups.com.
