-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvements to account creation #30
Comments
Is django-password-strength of any use? Also, (future improvement) this would be a great place to include the Geek.Zone affiliate link to LastPass |
I'd argue that password length is more important than complexity, see I do agree that login throttling, 3 bad login attempts every hour for example, is a good idea. We could combine this with an email to the account holder, something like, "Someone just tried, and failed, to log into your Geek.Zone account. Your account is safe, however just to be sure you might like to change your password." |
Would recaptcha be a better first step than blindly throttling? I've created keys for geek.zone, where should I put them? |
Split to #43 |
@CarwynNelson and I have agreed that we will change the password length to 9. Should ideally use the built in methods to check for common passwords. Post MVP we could have a password strength indicator that only goes fully green after 16 characters. |
The text was updated successfully, but these errors were encountered: