pwned-passwords-django 2.0#
pwned-passwords-django provides helpers for working with the Pwned Passwords database of Have I Been Pwned in Django powered sites. Pwned Passwords is an extremely large database of passwords known to have been compromised through data breaches, and is useful as a tool for rejecting common or weak passwords.
There are three main components to this application:
A password validator which checks the Pwned Passwords database.
A middleware which automatically checks certain request payloads against the Pwned Passwords database.
Code providing direct access to the Pwned Passwords database.
All three use a secure, anonymized API which never transmits the password or its hash to any third party. To learn more, see the FAQ.