django-fire

django-fire if a toolbox to remove users password.

Maybe you are an administrator for django service and haved noticed an incident, such as password exposure or cracking password hash algorithms (pbkdf2, bcrypt, etc.)

You can use this project to clean these vulnerable passwords.

Quick Instructions

$ pip install django_fire

INSTALLED_APPS = [
    'django_fire',
    # ...
]

$ python manage.py firepassword --all

You can remove all your users’ password just in 5 minutes.

After invalidating passwords

After removing passwords, logins from users will always fails.

We provide auth backends to notice users that “your password is invalidated”

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'django_fire.backends.FiredPasswordBackend',
]

If user try to login, user see messages like below.

_images/login-fired-password.png