Local instance allows weak passwords

[jasonaowen]

Details

The installation instructions say to run python manage.py createsuperuser, which prompts for a password; self-sign-up users are also prompted for a password. By default, createsuperuser requires a non-empty password, and self-sign-up requires a password that is six characters or longer. Neither impose any further password complexity requirements, including checking for well-known passwords like password or 123456.

Expected Result

An error message - or at least a warning - about using insecure passwords.

Actual Result

"Superuser created successfully." and successful sign-up.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[davidfischer]

I'm not opposed to having a more sane default setting of AUTH_PASSWORD_VALIDATORS .