pwned-passwords-django 2.1#

pwned-passwords-django provides helpers for working with the Pwned Passwords database from Have I Been Pwned in Django powered sites. Pwned Passwords is an extremely large database of passwords known to have been compromised through data breaches, and is useful as a tool for rejecting common or weak passwords.

There are three main components to this application:

All three use a secure, anonymized API which never transmits any password or its full hash to any third party.


The recommended configuration is to enable both the password validator and the automatic password-checking middleware. To do this, make the following changes to your Django settings.

First, add the validator to your AUTH_PASSWORD_VALIDATORS list:

    # ... other password validators ...
        "NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",

Then, add the middleware to your MIDDLEWARE list:

    # .. other middlewares ...

Documentation contents#