DEV Community

ashrafZolkopli
Django Enhance Password Policy

Preface

Django's built-in password validators already provide a good basis for making sure the password a user chooses is reasonably strong and hard to guess.

Built-in Password Validators

However, in a business setting, almost every company has its own password policy that needs fine-grained control over what is acceptable and what is not.

Requirements such as at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character, or no reuse of any of the last x passwords, need a special kind of password validator. My go-to password validator is django-password-validators.

Installing Django Password Validator

Install django-password-validators with the commands:

pipenv install django-password-validators
pipenv lock -r >requirements.txt

Configuring the settings

If you only want the password strength check, use the following in your settings.py file:

INSTALLED_APPS = [
    # ... your other apps ...
    'django_password_validators',
    # ...
]

AUTH_PASSWORD_VALIDATORS = [
    # ... other validators ...
    {
        'NAME': 'django_password_validators.password_character_requirements.password_validation.PasswordCharacterValidator',
        'OPTIONS': {
            # Each value is the minimum number of characters of that class.
            # Lower them to 1 to match a "1 of each" policy.
            'min_length_digit': 1,
            'min_length_alpha': 2,
            'min_length_special': 3,
            'min_length_lower': 4,
            'min_length_upper': 5,
            # Characters that count as "special".
            'special_characters': "~!@#$%^&*()_+{}\":;'[]"
        }
    },
    # ...
]

However, if you also need a validator that checks new passwords against the user's previous passwords, use:

INSTALLED_APPS = [
    # ... your other apps ...
    'django_password_validators',
    # The history app stores password hashes in the database,
    # so run `python manage.py migrate` after adding it.
    'django_password_validators.password_history',
    # ...
]

AUTH_PASSWORD_VALIDATORS = [
    # ... other validators ...
    {
        'NAME': 'django_password_validators.password_history.password_validation.UniquePasswordsValidator',
        'OPTIONS': {
            # How many recently entered passwords matter.
            # Passwords out of range are deleted.
            # Default: 0 - All passwords entered by the user. All password hashes are stored.
            'last_passwords': 5  # Only the last 5 passwords entered by the user
        }
    },
    # ...
]

# If you want, you can change the default hasher for the password history.
DPV_DEFAULT_HISTORY_HASHER = 'django_password_validators.password_history.hashers.HistoryHasher'
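The idea behind the history check, as an added sketch that is not the package's own code and not from the original post: keep a salted hash of each of the last N passwords, re-hash a candidate against every stored salt, and let older entries drop out as the `last_passwords` comment describes. `PasswordHistory`, its methods, and the PBKDF2 settings are hypothetical choices made for this example.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


class PasswordHistory:
    """Per-user history of salted password hashes (hypothetical helper)."""

    def __init__(self, last_passwords=5):
        # Mirrors the 'last_passwords' option: 0 keeps every entry,
        # otherwise the oldest entry is dropped once the limit is reached.
        self._entries = deque(maxlen=last_passwords or None)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def is_reused(self, password):
        # Every entry has its own salt, so the candidate must be
        # re-hashed once per stored entry; plaintext is never kept.
        reused = False
        for salt, digest in self._entries:
            if hmac.compare_digest(self._digest(password, salt), digest):
                reused = True
        return reused

    def record(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(password, salt)))

    def change_password(self, new_password):
        """Return False for a reused password, otherwise store it and return True."""
        if self.is_reused(new_password):
            return False
        self.record(new_password)
        return True

    def __len__(self):
        return len(self._entries)
```

The cost of a check grows with the number of stored entries, and the stored hashes are credential material in their own right, which is why a bounded `last_passwords` and a slow hasher both matter.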

End

I think with the django-password-validators package, we can now make sure that users at least have passwords that are much harder to crack.
