We are looking for reviews. I am creating a django application where users are provided with randomly generated passwords.
Currently, a password is generated using the make_random_password() function in Django auth.
However, early feedback is that emails are too difficult to remember (even if users can change them).
This is a closed (invitation) application, but it lives on the Internet. Only about 600 users. I had a solution which, in my opinion, is somewhat uncertain, but I wanted to run it with SO users as it solves the feedback problem.
In my settings.py file, I created two lists, one containing about 20 machine names, and the other about 40 verbs (which are capitalized).
I was going to randomly select one from each list, combine them together, and then add a few random characters to the end.
All passwords will be at least 9 characters long and are saved as a hash using the Django set_password() function.
The biggest problem that I see is that if someone gets access to the SFTP server, they will have access to my code AND, therefore, a template for hacking pwords.
BUT they will also have access to db, etc., so what is the real problem?
picus
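The scheme described in the post, as an added example (not the poster's code): it builds name + verb + random suffix from two constructed word lists standing in for the settings.py lists, and then computes how many bits of guessing work the scheme gives an attacker who already holds the code and so knows both lists and the pattern. The suffix alphabet (letters and digits) and the suffix length of 3 are assumptions, since the post does not say which characters it appends or how many; the word lists are shortened constructed samples, while the bit counts are computed for the post's sizes of 20 names and 40 verbs.

```python
import math
import secrets
import string

# Constructed sample word lists standing in for the two settings.py lists the post
# describes (about 20 machine names and about 40 capitalised verbs in the real ones).
MACHINE_NAMES = ["atlas", "bishop", "comet", "dynamo", "ember"]
VERBS = ["Runs", "Jumps", "Builds", "Parses", "Signs", "Checks"]
SUFFIX_ALPHABET = string.ascii_letters + string.digits  # assumed suffix character set
MIN_LENGTH = 9


def generate_password(names=MACHINE_NAMES, verbs=VERBS, suffix_len=3, rng=secrets):
    """Name + Verb + random suffix, as in the post.

    Uses the `secrets` module (a CSPRNG) rather than `random`; `rng` only needs a
    `.choice(seq)` method so a fixed stand-in can be passed for testing.
    """
    name = rng.choice(names)
    verb = rng.choice(verbs)
    suffix = "".join(rng.choice(SUFFIX_ALPHABET) for _ in range(suffix_len))
    pw = name + verb + suffix
    # Pad with further random characters if the result is shorter than the minimum.
    while len(pw) < MIN_LENGTH:
        pw += rng.choice(SUFFIX_ALPHABET)
    return pw


def guess_space_bits(n_names, n_verbs, suffix_len, alphabet_size=len(SUFFIX_ALPHABET)):
    """Bits of entropy against an attacker who knows the scheme and both word lists.

    Each password is one of n_names * n_verbs * alphabet_size**suffix_len equally
    likely strings, so its entropy is the log2 of that count.
    """
    return math.log2(n_names * n_verbs * alphabet_size ** suffix_len)


def uniform_bits(length, alphabet_size=len(SUFFIX_ALPHABET)):
    """Bits carried by a uniformly random string of `length` characters.

    This is what the same length would give if every character were random,
    the yardstick for comparing against the word-based scheme.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample:", generate_password())
    print("scheme (20 names, 40 verbs, 3 random chars): %.1f bits"
          % guess_space_bits(20, 40, 3))
    print("9 uniformly random letters/digits:          %.1f bits" % uniform_bits(9))
```

Because the hashes are stored with set_password(), a leaked database is an offline guessing problem, and the relevant number is the entropy the attacker faces once the code is also in hand: the two lists contribute only log2(20 * 40), under 10 bits, and the three random characters the remaining 17 or so. That is the concrete answer to the post's closing question: the code leak matters because the scheme's strength rests on the word lists staying secret, whereas with make_random_password() every character is random and knowing the generator gives an attacker nothing.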