Password Settings

FORCE_COMPLEX

Default: True (Boolean)

Flag that determines whether to force complex passwords. When set to True, Onyx will require all new account passwords to meet the following:

  • 8 Characters
  • 1 Uppercase Character
  • 1 Lowercase Character
  • 1 Special Character
  • 1 Number

PASSWORD_SCHEMES

Default: ["bcrypt"] (List(String))

Hash algorithms to support.

PASSWORD_SCHEMES_DEPRECATED

Default: ["auto"] (List(String))

Hash algorithms that should be deprecated.

SALT_SIZE

Default: 32 (Int)

The number of characters to salt passwords with.

Salt Algorithm

Password salting in Onyx is a bit different from most other systems. We use Python's secrets.choice() function to generate a unique salt for each user and to determine which character position in the password the salt is inserted at. This makes reversing hashes to find passwords a little bit more difficult than salting and hashing alone.
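
An illustration of the scheme described above, added here and not taken from Onyx's code. It assumes an alphanumeric salt alphabet and that the salt and insert position are stored with the user record, uses PBKDF2 from the standard library as a stand-in for the configured bcrypt hash, and checks the salted input against bcrypt's 72-byte input limit; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

SALT_SIZE = 32          # the documented default
BCRYPT_MAX_BYTES = 72   # bcrypt uses at most 72 bytes of its input
ALPHABET = string.ascii_letters + string.digits  # assumed salt alphabet


def new_salt(size=SALT_SIZE):
    """Build a per-user salt one character at a time with secrets.choice()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(size))


def salted(password, salt, position):
    """Insert the salt into the password at the given character index."""
    return password[:position] + salt + password[position:]


def fits_bcrypt(password, salt_size=SALT_SIZE):
    """True if password plus an ASCII salt stays within bcrypt's input limit."""
    return len(password.encode("utf-8")) + salt_size <= BCRYPT_MAX_BYTES


def digest(material):
    # Stand-in for bcrypt so the example runs with the standard library only.
    return hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"), b"example", 100_000)


def enroll(password):
    """Create the record stored for a user (assumed layout)."""
    if not fits_bcrypt(password):
        # Past 72 bytes, part of the password or salt would not be hashed.
        raise ValueError("password plus salt exceeds bcrypt's 72-byte input")
    salt = new_salt()
    position = secrets.choice(range(len(password) + 1))  # 0..len inclusive
    return {"salt": salt, "position": position,
            "hash": digest(salted(password, salt, position))}


def verify(candidate, record):
    """Re-insert the stored salt at the stored position and compare hashes."""
    material = salted(candidate, record["salt"], record["position"])
    return hmac.compare_digest(digest(material), record["hash"])
```

With the default SALT_SIZE of 32 and an ASCII salt, 40 bytes of the bcrypt input remain for the password itself.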

PWD_CONTEXT

The PWD_CONTEXT object is a reference class of CryptContext that provides a number of handy features to validate passwords.