Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Add fusionbox.passwords.validate_password to the user forms #35

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
Owner

gavinwahl commented May 8, 2012

fusionbox.passwords.validate_password checks a password against a list
of very common passwords. Passwords on this list should be disallowed.

Also adds this validator to django.contrib.auth

I think this is a good method of enforcing password strength because it has no
false positives (If your password is on a list of the 3000 most common, it is by
definition not a good password).

@gavinwahl gavinwahl Add fusionbox.passwords.validate_password to the user forms
`fusionbox.passwords.validate_password` checks a password against a list
of very common passwords. Passwords on this list should be disallowed.

Also adds this validator to `django.contrib.auth`
ea48491
Owner

gavinwahl commented May 8, 2012

One problem -- you can't use your normal easy passwords during testing.

Contributor

colinta commented May 9, 2012

My new favorite password isn't on that list! ;-)

Owner

gavinwahl commented May 9, 2012

diff --git a/fusionbox/passwords.py b/fusionbox/passwords.py
index 3836a01..cf01ae4 100644
--- a/fusionbox/passwords.py
+++ b/fusionbox/passwords.py
@@ -270,6 +270,7 @@ COMMON_PASSWORDS = frozenset([
     'arnold',
     'arrow',
     'arsenal',
+    'arstarst',
     'artemis',
     'arthur',
     'artist',
Contributor

colinta commented May 9, 2012

I suppose I was asking for that.

@gavinwahl gavinwahl closed this Jun 14, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment