You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

django-zxcvbn-password-validator

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

django-zxcvbn-password-validator

A translatable password validator for django, based on zxcvbn-python.

1.4.5
pipPyPI
Maintainers
1

django-zxcvbn-password-validator

A translatable password validator for django, based on zxcvbn-python and available with pip.

Professional support for django-zxcvbn-password-validator is available as part of the Tidelift Subscription

Build Status Coverage Status PyPI version

Translating the project

This project is available in multiple language. Your contribution would be very appreciated if you know a language that is not yet available. See how to contribute

Language available

The software is developed in english. Other available languages are :

Creating a user with django-zxcvbn-password-validator

If the password is not strong enough, we provide errors explaining what you need to do :

English example

The error message are translated to your target language (even the string given by zxcvbn that are in english only) :

Translated example

How to use

Add django-zxcvbn-password-validator to your requirements and get it with pip. Then everything happens in your settings file.

Add 'django_zxcvbn_password_validator' in the INSTALLED_APPS :

INSTALLED_APPS = [
    # ...
    "django_zxcvbn_password_validator"
]

Modify AUTH_PASSWORD_VALIDATORS :

AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django_zxcvbn_password_validator.ZxcvbnPasswordValidator",
    },
    # ...
]

You could choose to use zxcvbn alone, but I personally still use Django's UserAttributeSimilarityValidator, because there seems to be still be some problem with it integrating user information with zxcvbn (as of june 2018).

Finally, you can set the PASSWORD_MINIMAL_STRENGTH to your liking (default is 2), every password scoring lower than this number will be rejected :

# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks.
# (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks.
# (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario.
# (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario.
# (guesses >= 10^10)
PASSWORD_MINIMAL_STRENGTH = 0 if DEBUG else 4

Keywords

django
password-validator
zxcvbn

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Research

/

Security News

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.

By Kush Pandya  -  Jul 23, 2025