RE: New Password Validators

2018-09-02 Thread Mehmet Dogan
Scot, This is nice, thank you for sharing. I think something like this + an up-to-date black list should be good enough. Mehmet From: Scot Hacker Sent: Saturday, September 1, 2018 8:38 PM To: Django developers (Contributions to Django itself) Subject: Re: New Password Validators Rather than

Re: New Password Validators

2018-09-01 Thread Scot Hacker
Rather than enforce an arbitrary set of password construction rules, I prefer systems that gauge password strength as an overall entropy score, then let sites establish the minimum overall strength they require. How that strength is achieved is up to each user - you can either go short and

Re: New Password Validators

2018-08-31 Thread James Bennett
I'm agreeing with the other replies saying that if this is really needed, it can be done as a third-party module. As much as possible, I want to have Django avoid promoting outdated security policies (and the fact that many places still use them doesn't mean they're current; it means they haven't

Re: New Password Validators

2018-08-31 Thread Dan Davis
tor) from Django to make it >self consistent. > > > > Mehmet > > > > *From: *Mehmet Dogan > *Sent: *Friday, August 31, 2018 12:59 PM > *To: *django-developers@googlegroups.com > *Subject: *RE: New Password Validators > > > > Hey James, > > > >

RE: New Password Validators

2018-08-31 Thread Mehmet Dogan
. Mehmet From: Mehmet Dogan Sent: Friday, August 31, 2018 12:59 PM To: django-developers@googlegroups.com Subject: RE: New Password Validators Hey James, Thank you for the resources you provided. I really learned a lot. Here are a few points (references/details at the very bottom): 1

RE: New Password Validators

2018-08-31 Thread Mehmet Dogan
t 30, 2018 10:32 PM To: django-developers@googlegroups.com Subject: Re: New Password Validators This type of enforced "complexity" does not increase security, and relevant standards groups now recommend not trying to enforce these rules. Quoting US NIST 800-63B, Appendix A: > As noted a

Re: New Password Validators

2018-08-31 Thread Anand Mishra
I agree with James and Adams, password validation rules depend on business and should not be forced by core onto developers > On Aug 31, 2018, at 12:52 PM, Adam Johnson wrote: > > I agree with James, Django core shouldn't include these. If your organization > requires you to implement such

Re: New Password Validators

2018-08-31 Thread Adam Johnson
I agree with James, Django core shouldn't include these. If your organization requires you to implement such practices despite their problems, add your own password validators, and maybe distribute them in a third party package! On Fri, 31 Aug 2018 at 06:32, James Bennett wrote: > This type of

Re: New Password Validators

2018-08-30 Thread James Bennett
This type of enforced "complexity" does not increase security, and relevant standards groups now recommend not trying to enforce these rules. Quoting US NIST 800-63B, Appendix A: > As noted above, composition rules are commonly used in an attempt to increase the difficulty of guessing

New Password Validators

2018-08-30 Thread Mehmet Dogan
Hi Everybody, Django currently ships with the following password validators: UserAttributeSimilarityValidator MinimumLengthValidator CommonPasswordValidator NumericPasswordValidator However, it is typical nowadays to require uppercase, lowercase, at least a numeric character and a