DEV Community

ashrafZolkopli
ashrafZolkopli

Posted on

1 1

Django Enhance Password Policy

#django #github #template #tutorial

Preface

Django build in password policy are by itself provide a great basis toward making sure the password that the user choose is relatively strong enough that its hard to guess.

Build in Password Validators

image

however usually in a business setting, almost all company will have its own set of password policy that need fine grain control of what is acceptable and what is not.

Things like password require 1 uppercase, 1 lowercase, 1 digit, and 1 special character or thing such as no repeated password for the last x number password change require a special kinda of password validator so that we can make it better. My go to password validator would be django-password-validators.

Installing Django Password Validator

Installing django-password-validators with the command:

pipenv install django-password-validators
pipenv lock -r >requirements.txt
Enter fullscreen mode Exit fullscreen mode

Configuring the settings

If you want to have only the password strength check, just use the following in your settings.py file

 INSTALLED_APPS = [
     ...
     'django_password_validators',
     ...
 ]

AUTH_PASSWORD_VALIDATORS = [
    ...
    {
        'NAME': 'django_password_validators.password_character_requirements.password_validation.PasswordCharacterValidator',
        'OPTIONS': {
             'min_length_digit': 1,
             'min_length_alpha': 2,
             'min_length_special': 3,
             'min_length_lower': 4,
             'min_length_upper': 5,
             'special_characters': "~!@#$%^&*()_+{}\":;'[]"
         }
    },
    ...
]
Enter fullscreen mode Exit fullscreen mode

however if you need validator to check with the historical password

 INSTALLED_APPS = [
     ...
     'django_password_validators',
     'django_password_validators.password_history',
     ...
 ]

AUTH_PASSWORD_VALIDATORS = [
    ...
    {
        'NAME': 'django_password_validators.password_history.password_validation.UniquePasswordsValidator',
        'OPTIONS': {
             # How many recently entered passwords matter.
             # Passwords out of range are deleted.
             # Default: 0 - All passwords entered by the user. All password hashes are stored.
            'last_passwords': 5 # Only the last 5 passwords entered by the user
        }
    },
    ...
]

# If you want, you can change the default hasher for the password history.
DPV_DEFAULT_HISTORY_HASHER = 'django_password_validators.password_history.hashers.HistoryHasher'
Enter fullscreen mode Exit fullscreen mode

End

I think with django-password-validators package, we are now able to make sure that the user would atleast have a much harder password to crack.

profile
Heroku
 Promoted

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

profile
Coherence
 Promoted

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Read next

jones_charles_ad50858dbc0 profile image

Implementing WebSocket Communication and Heartbeat Mechanism with GoFrame: A Hands-on Guide

Jones Charles -

gleamso profile image

/llms.txt: A Simple Way to Control How AI Bots See Your Site 🤖

gleamso -

giveitatry profile image

How to install etcd cluster for dummies

giveitatry -

thecoollearner profile image

Introduction to Backend Architectures (Part 1)

Alok Kumar -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay