9 User password management


This chapter covers

  • Changing, validating, and resetting user passwords
  • Resisting breaches with salted hashing
  • Resisting brute-force attacks with key derivation functions
  • Migrating hashed passwords

In previous chapters, you learned about hashing and authentication; in this chapter, you’ll learn about the intersection of these topics. Bob uses two new workflows in this chapter: a password-change workflow and a password-reset workflow. Once again, data authentication makes an appearance. You combine salted hashing and a key derivation function as a defense layer against breaches and brute-force attacks. Along the way, I’ll show you how to choose and enforce a password policy. Finally, I’ll show you how to migrate from one password-hashing strategy to another.
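The paragraph above names three techniques that the rest of the chapter builds up in Django: a per-user salt, a key derivation function (PBKDF2 here) to make each guess expensive, and migrating stored hashes to a stronger configuration. The following standalone Python block is an added example written for this page; it is not the book's code and not Django's own hashers, which ship with the framework. It mimics Django's `<algorithm>$<iterations>$<salt>$<hash>` layout so the three ideas can be seen together, but the algorithm names, iteration counts, and salt length are assumed values chosen for illustration, not Django's defaults.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed policy for this example (hypothetical values, not Django's defaults).
# DIGESTS maps the label stored in the encoded hash to the hashlib digest name;
# keeping the legacy label lets old hashes still verify until they are migrated.
DIGESTS = {"pbkdf2_sha256": "sha256", "pbkdf2_sha1": "sha1"}
CURRENT_ALGORITHM = "pbkdf2_sha256"
CURRENT_ITERATIONS = 200_000
SALT_BYTES = 16  # 128 bits of random salt, generated fresh for every stored password


def make_password(password, iterations=CURRENT_ITERATIONS, salt=None,
                  algorithm=CURRENT_ALGORITHM):
    """Return '<algorithm>$<iterations>$<salt>$<base64 key>' (Django-style layout)."""
    if salt is None:
        salt = secrets.token_hex(SALT_BYTES)
    if "$" in salt:
        raise ValueError("salt must not contain the field separator")
    key = hashlib.pbkdf2_hmac(DIGESTS[algorithm], password.encode(),
                              salt.encode(), iterations)
    return f"{algorithm}${iterations}${salt}${base64.b64encode(key).decode()}"


def check_password(password, encoded):
    """Re-derive with the parameters stored in the hash and compare in constant time."""
    try:
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed entry: never verifies
    if algorithm not in DIGESTS or iterations < 1:
        return False
    candidate = make_password(password, iterations, salt, algorithm)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def must_update(encoded):
    """True when the stored hash uses a weaker algorithm or fewer iterations than policy."""
    algorithm, iterations, _, _ = encoded.split("$", 3)
    return algorithm != CURRENT_ALGORITHM or int(iterations) < CURRENT_ITERATIONS


def login(password, stored):
    """Verify the password; on success, re-hash stale entries with the current policy.

    Returns (ok, encoded_to_store). The plaintext is only available at login,
    which is why migration happens here rather than in a batch job over the table.
    """
    if not check_password(password, stored):
        return False, stored
    if must_update(stored):
        return True, make_password(password)
    return True, stored
```

Two properties worth checking when you run it: hashing the same password twice yields two different strings because the salt differs, so an attacker who breaches the table cannot crack many accounts with one precomputed table; and a legacy `pbkdf2_sha1` entry still verifies but comes back from `login()` re-encoded under `pbkdf2_sha256` with the current iteration count. Django's built-in hashers apply the same pattern through their `must_update()` method, with the preferred hasher being the first entry of `PASSWORD_HASHERS`; section 9.3.4 covers that configuration.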

9.1 Password-change workflow

In the previous chapter, you mapped URL paths to a collection of built-in Django views. You used two of these views, LoginView and LogoutView, to build an authentication workflow. In this section, I’ll show you another workflow composed of two more of these views: PasswordChangeView and PasswordChangeDoneView.

9.1.1 Custom password validation

9.2 Password storage

9.2.1 Salted hashing

9.2.2 Key derivation functions

9.3 Configuring password hashing

9.3.1 Native password hashers

9.3.2 Custom password hashers

9.3.3 Argon2 password hashing

9.3.4 Migrating password hashers

9.4 Password-reset workflow
