pwned-passwords-django provides helpers for working with the Pwned Passwords database of Have I Been Pwned? in Django powered sites. Pwned Passwords is an extremely large database of passwords known to have been compromised through data breaches, and is useful as a tool for rejecting common or weak passwords.
There are three main components to this:
- A password validator which checks the Pwned Passwords database
- A middleware which automatically checks certain request payloads against the Pwned Passwords database
- Code providing direct access to the Pwned Passwords database
All three use a secure, anonymized API which never transmits the password or its hash to any third party. To learn more, see the FAQ.