Craig Loftus
FTC explicitly
GDPR implicitly
ICO (UK) guidelines specifically require protecting against credential stuffing
NIST also recommends it directly
Talk about using web application firewalls (and others) to reduce the volume of attacks and guard against the more direct stuffing of credentials.
Tackling the stuffing is not enough. We also need to help users with poor credentials.
INSTALLED_APPS = [
    ...
    'pwned.apps.PwnedConfig',
]
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'pwned.validators.PwnedValidator',
    },
    ...
]
$ pip install django-pwned-validator
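One way a breached-password validator can check a password without disclosing it, shown as an added example that is not from the talk and is not django-pwned-validator's own code. It assumes the Pwned Passwords range format (SHA-1 prefix in, SUFFIX:COUNT lines out); the function names, the stand-in fetcher and its response body are hypothetical and constructed.

```python
import hashlib

# Real range endpoint, shown for reference only; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_hex(password):
    """Upper-case hex SHA-1, the form used in the range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def constructed_fetch(prefix):
    """Stand-in for an HTTP GET of RANGE_URL; returns a constructed body."""
    lines = ["0" * 35 + ":3", "F" * 35 + ":12"]  # constructed filler entries
    known = sha1_hex("password")  # constructed sample of a breached password
    if known[:5] == prefix:
        lines.insert(1, known[5:] + ":4242")  # constructed breach count
    return "\r\n".join(lines)


def pwned_count(password, fetch=constructed_fetch):
    """Return how often the password appears in the range response.

    Only the first 5 hex characters of the hash are passed to fetch();
    the remaining 35 are compared locally, so the service never sees
    the password or its full hash.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def validate(password, fetch=constructed_fetch, threshold=1):
    """Reject a password seen in at least `threshold` breaches."""
    count = pwned_count(password, fetch)
    if count >= threshold:
        raise ValueError(
            f"This password appears in {count} known breaches; choose another."
        )
```

In production the fetcher would perform the HTTP request with a short timeout, and the site has to decide whether an unreachable service blocks the password change or lets it through.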
Inactive users