duck.security.passwords

Password strength validation utilities.

This module provides reusable validators for checking password length, numeric-only passwords, common passwords, and user-attribute similarity.

Module Contents

Functions

get_common_passwords	Load and cache common passwords.
is_too_similar	Check whether a password is too similar to user attributes.
load_common_passwords	Load common passwords from a plain text or gzip-compressed file.
validate_password_strength	Validate password strength.

Data

_COMMON_PASSWORDS_CACHE
_COMMON_PASSWORDS_PATH

API

exception duck.security.passwords.PasswordValidationError(messages: Sequence[str])

Bases: ValueError

Raised when a password fails one or more strength checks.

Initialization

Initialize self. See help(type(self)) for accurate signature.

duck.security.passwords._COMMON_PASSWORDS_CACHE: set[str] | None

None

duck.security.passwords._COMMON_PASSWORDS_PATH

None

duck.security.passwords.get_common_passwords(path: str | pathlib.Path) → set[str]

Load and cache common passwords.

Parameters:

path – Path to a common-password list.

Returns:

Cached set of common passwords.

duck.security.passwords.is_too_similar(password: str, user_attributes: Iterable[str], *, max_similarity: float = 0.7) → bool

Check whether a password is too similar to user attributes.

Parameters:

• password – Raw password.

• user_attributes – User-related values like username, email, or name.

• max_similarity – Maximum allowed similarity ratio.

Returns:

True if the password is too similar, otherwise False.

duck.security.passwords.load_common_passwords(path: str | pathlib.Path) → set[str]

Load common passwords from a plain text or gzip-compressed file.

Parameters:

path – Path to a .txt or .txt.gz password list.

Returns:

A normalized set of lowercase passwords.

duck.security.passwords.validate_password_strength(password: str, *, user_attributes: Iterable[str] = (), common_passwords_path: str | pathlib.Path | None = _COMMON_PASSWORDS_PATH, min_length: int = 8, max_similarity: float = 0.7) → None

Validate password strength.

Parameters:

• password – Raw password to validate.

• user_attributes – Optional user-related values to compare against.

• common_passwords_path – Optional path to common-passwords .txt or .txt.gz.

• min_length – Minimum allowed password length.

• max_similarity – Maximum allowed similarity to user attributes.

Raises:

• TypeError – If password is not a string.

• PasswordValidationError – If password fails validation.