How can I set a minimum password length when using the built-in Django auth module?

I think the easiest way to achieve this is using Django password validation

For minimum length would be enough adding this to settings file:

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 8,
        }
    },
]

There are others validators like NumericPasswordValidator and CommonPasswordValidator


Especially if you're already using a sub-classed UserCreationForm, I'd say you should definitely just add the validation to it. You should be able to override the clean_password method on the form:

def clean_password(self):
    password = self.cleaned_data.get('password1')
    if len(password) < 8:
        raise ValidationError('Password too short')
    return super(MyUserCreationForm, self).clean_password1()

Subclassing the user creation form sounds like a good approach. You can't enforce it at the database level, since Django only stores a hash of the password.