Password Auto-reset and Expiry Policy (every X Months)


Harish Tejwani

Apr 11, 2011, 2:47:57 PM
to Django users
What would be the best module or app that can support

a) Users' passwords expiring every 6 months, so they are forced to
change them

b) New users who get system-generated passwords being forced to
change them at FIRST login

Any ideas/suggestions on how to go about implementing this would help.

The following apps are currently installed:

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Uncomment the next line to enable the admin:
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    'django.contrib.admindocs',
)

gladys

Apr 13, 2011, 9:07:00 AM
to Django users
Django's auth module will do just fine.

You can store other information, such as 'date_password_modified' in a
model (UserProfile perhaps) which has a one-to-one correspondence with
User. Then you need to override the login view to check the validity
of the password based on this field. Now to determine the first login,
you can add a first_login boolean field to this model as well and use
it for checking.


--
Gladys
http://blog.bixly.com
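A framework-independent sketch of the checks Gladys describes, added here as an example and not code from the thread or from Django itself. UserProfile, add_months, password_change_reason and record_password_change are hypothetical names; the caller is assumed to be a login view that redirects to the password-change page whenever a reason is returned.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class UserProfile:
    """Stand-in for the one-to-one profile model (hypothetical, not a Django model)."""
    date_password_modified: Optional[datetime]  # None until the user sets a password
    first_login: bool = True                    # True while the generated password is in use


def add_months(when: datetime, months: int) -> datetime:
    """Advance a datetime by whole calendar months, clamping the day to the month end
    (e.g. 31 Aug + 6 months -> 29 Feb in a leap year)."""
    total = when.month - 1 + months
    year = when.year + total // 12
    month = total % 12 + 1
    day = min(when.day, calendar.monthrange(year, month)[1])
    return when.replace(year=year, month=month, day=day)


def password_change_reason(profile: UserProfile, now: datetime,
                           max_age_months: int = 6) -> Optional[str]:
    """Return why the user must change the password now, or None if not required.

    A login view would call this right after authentication and redirect to the
    password-change page when the result is not None."""
    if profile.first_login:
        return "first_login"
    if profile.date_password_modified is None:
        # No change date recorded: fail closed rather than grant indefinite validity.
        return "expired"
    if now >= add_months(profile.date_password_modified, max_age_months):
        return "expired"
    return None


def record_password_change(profile: UserProfile, now: datetime) -> None:
    """Call from the password-change view once the new password has been saved."""
    profile.date_password_modified = now
    profile.first_login = False


if __name__ == "__main__":
    # Constructed sample: an account created 13 Apr 2011 with a generated password.
    p = UserProfile(date_password_modified=None)
    print(password_change_reason(p, datetime(2011, 4, 13, tzinfo=timezone.utc)))
```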

gkuenning

Apr 14, 2011, 12:01:29 AM
to Django users


On Apr 12, 6:47 am, Harish Tejwani <har...@wizni.com> wrote:
> What would be the best module or app that can support
>
> a) Users' passwords expiring every 6 months, so they are forced to
> change them

Although Django supports it, I would STRONGLY discourage you from
implementing such a policy. Password expiration is well known in the
security community as being a horrible idea that has somehow become
popular. Refer to Bruce Schneier's writings on the subject if you
want more information, but briefly, expiring passwords is based on the
assumption that a bad guy has acquired an encrypted password and needs
longer than the expiration period to crack the encryption. This
assumption is nearly always false, especially with a 6-month
expiration period.

The other reason it's a horrible idea is that it forces people to pick
bad passwords. Choosing a good password takes time, and suddenly
presenting them with a requirement that they pick a new password makes
that time unavailable. (FWIW, my current password is over six years
old. My servers get attacked daily and have never been cracked.)

> b) New users who get system-generated passwords being forced to
> change them at FIRST login

This is a much more sensible idea, but if you want your users to be
safe, be sure they are notified of this requirement well before the
first login, so that they can spend some time thinking about good
passwords.