Todo
django-secure-passwords is currently available only on Blueshoe's Python Package Index.
pip3 install django-secure-passwords
Add the django-secure-passwords app, "securepasswords", to your INSTALLED_APPS:
INSTALLED_APPS = [
"...",
"securepasswords",
]
To track login attempts and lock an account after a number of unsuccessful attempts, use the django-axes package. It can log successful and unsuccessful attempts and saves this information to the database. Each record consists of the time of login, IP address, user agent, username, the path to which the login was attempted, and the number of failed attempts.
To install this package, run:
pip3 install django-axes
Then, according to the installation guide, add these settings to your settings.py file:
INSTALLED_APPS = [
'...',
# Axes app can be in any position in the INSTALLED_APPS list.
'axes',
]
AUTHENTICATION_BACKENDS = [
# AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
'axes.backends.AxesBackend',
'...',
]
MIDDLEWARE = [
# The following is the list of default middleware in new Django projects.
'...',
# AxesMiddleware should be the last middleware in the MIDDLEWARE list.
# It only formats user lockout messages and renders Axes lockout responses
# on failed user authentication attempts from login views.
# If you do not want Axes to override the authentication response
# you can skip installing the middleware and use your own views.
'axes.middleware.AxesMiddleware',
]
Different configuration variables are available; they can be added directly to the settings.py file.
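A sketch of such settings, added here as an example and not taken from the project's own documentation. The values are illustrative choices, and AXES_LOCKOUT_PARAMETERS assumes django-axes 6 or later:

```python
# settings.py fragment (added example; values are illustrative assumptions)
from datetime import timedelta

# Number of failed logins allowed before a lockout.
# django-axes' own default is 3.
AXES_FAILURE_LIMIT = 5

# Without a cool-off time, a lockout stays in place until it is reset
# (for example with `python manage.py axes_reset`). A timedelta makes
# old failures expire after that period of inactivity.
AXES_COOLOFF_TIME = timedelta(minutes=30)

# Clear the failure counter when the user logs in successfully, so that
# occasional typos spread over weeks do not add up to a lockout.
AXES_RESET_ON_SUCCESS = True

# What a lockout is keyed on. The default is ["ip_address"].
# A nested list means "this combination": here one counter per
# (username, IP address) pair. Keying on the username alone would let
# anyone lock a known account out by failing logins against it, while
# keying on the IP alone locks out every user behind a shared address.
# With the pair, guesses coming from many addresses land on separate
# counters, so keep reviewing the stored access attempt records as well.
AXES_LOCKOUT_PARAMETERS = [["username", "ip_address"]]
```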
Recommended: use an AbstractBaseUser subclass as AUTH_USER_MODEL.