Re: A more useful list of common passwords?

2018-04-10 Thread Brenton Cleeland
Hi Jessica (& team!), My immediate thought is that those rows are errors. They should be ignored and not included in any list added to Django :) On 11 April 2018 at 02:13, Jessica F wrote: > Hello! I'm Jessica, the assignee to this ticket. I am speaking on behalf > of a group

Re: A more useful list of common passwords?

2018-03-30 Thread Brenton Cleeland
performance impact is this having over the existing list? >> >> What's the additional memory load, if any? >> >> -- >> Curtis >> >> >> On 03/30/2018 04:24 PM, Brenton Cleeland wrote: >> >>> Three years ago Django introduced the CommonP

A more useful list of common passwords?

2018-03-29 Thread Brenton Cleeland
Three years ago Django introduced the CommonPasswordValidator and included a list of 1,000 passwords considered to be "common". That list was based on leaked passwords and came from xato.net[1]. I'd like to update the list to a) be from a more reliable / recent source b) be larger and more in

Re: NIST password guidelines [was: vulnerability in password reset]

2016-11-24 Thread Brenton Cleeland
An easy improvement from the NIST guidelines would be to increase the size of Django's common passwords list. Django currently includes 1,000, the linked NIST summary suggests using 100,000 (!!). On Thu, Nov 24, 2016 at 3:03 AM, Erik Romijn wrote: > Hello, > > Django has