pwned-passwords-django provides helpers for working with the Pwned Passwords database of Have I Been Pwned in Django powered sites. Pwned Passwords is an extremely large database of passwords known to have been compromised through data breaches, and is useful as a tool for rejecting common or weak passwords.
There are three main components to this:
A password validator <validator>which checks the Pwned Passwords database.A middleware <middleware>which automatically checks certain request payloads against the Pwned Passwords database.Code providing direct access <api>to the Pwned Passwords database.
All three use a secure, anonymized API which never transmits the password or its hash to any third party. To learn more, see the
FAQ <faq>.
install validator middleware api settings faq changelog