Enable password validators to avoid users chosing weak passwords

- password can’t be too similar to your other personal information.
- password must contain at least 10 characters.
- password can’t be a commonly used password.
- password can’t be entirely numeric.

Existing users are advised to reset their passwords!

tcms/settings/common.py

@@ -92,6 +92,25 @@
 # handler!
 AUTO_APPROVE_NEW_USERS = True
 
+# Password validation rules, see
+# https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#enabling-password-validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 10,
+        },
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
 
 # Set to False if you want to enforce account creation by admins.
 REGISTRATION_ENABLED = (