Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent Password Reuse #290

Open
cptnsx opened this issue Jul 24, 2018 · 4 comments
Open

Prevent Password Reuse #290

cptnsx opened this issue Jul 24, 2018 · 4 comments

Comments

@cptnsx
Copy link

cptnsx commented Jul 24, 2018

I'm not a programmer, but I'm on the security side so I need to validate things to ensure this software will meet our needs. I see in the documentation that password history can be tracked to ensure passwords are changed but is there anything to prevent password reuse i.e. reusing the same password?

I see the parameter ACCOUNT_REMEMBER_ME_EXPIRY but I don't see exactly what that does. Does this parameter remember and prevent password reuse or just password history in general.
@KatherineMichel
Copy link
Member

It looks like ACCOUNT_REMEMBER_ME_EXPIRY is for session expiration, not password reuse.

https://github.com/pinax/django-user-accounts/blob/master/account/views.py#L419

I'm looking through the code and I don't see password reuse prevention.

@cptnsx
Copy link
Author

cptnsx commented Jul 25, 2018

Thanks.

@sar99
Copy link

sar99 commented Jan 8, 2020

Hello!
I wanted to add this feature, may I take this issue?

@KatherineMichel
Copy link
Member

@sar99 You're welcome to do it. I'm not sure how soon your PR will be reviewed though. The lead maintainer @brosner is starting a new job and stuff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@KatherineMichel @cptnsx @sar99