Django ZXCVBN Password

Travis-CI Build Status Codacy Code Quality Status Codacy Code Coverage PyPI Package latest release PyPI Wheel Updates Join the chat at

Back-end and Front-end password validation with ZXCVBN.

A combination of pirandig’s django-zxcvbn and aj-may’s django-password-strength Django apps. It combines back-end and front-end validation with strength meter display.


Software licensed under ISC license.


pip install django-zxcvbn-password



    'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
}, {
    'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
}, {
    'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
}, {
    'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
}, {
    'NAME': 'zxcvbn_password.ZXCVBNValidator',
    'OPTIONS': {
        'min_score': 3,
        'user_attributes': ('username', 'email', 'first_name', 'last_name')

from django import forms
from zxcvbn_password.fields import PasswordField, PasswordConfirmationField

class RegisterForm(forms.Form):
    password1 = PasswordField()
    password2 = PasswordConfirmationField(confirm_with=’password1’)


Remember to include {{ }} in your template. Please refer to the documentation of the two upstream repositories for more information.

By default, other inputs won’t be used to compute the score, but you can enforce it like this:


from zxcvbn_password import zxcbnn

# in your form class
def clean():
    password = self.cleaned_data.get('password')
    other_field1 = ...
    other_field2 = ...

    if password:
        score = zxcvbn(password, [other_field1, other_field2])['score']
        # raise forms.ValidationError if needed

    return self.cleaned_data



To run all the tests: tox