admin:admin everybody's favorite password

Rusty lock

Whenever you install a Django project you are asked to create an admin user, now, how many of you have just typed admin for the user, for the email and admin for the password? Admit it. If you do it, you can not expect users of your software not do it.

Admin passwords have been called the achilles heel of security. To improve this situation whenever an users installs Mayan EDMS an admin user is automatically created with a random password, the automatic password is stored, and displayed on the login window until the user changes it.

This workflow is a bit tricky requiring signals, a template tag and singletons, luckily for you this has been packaged in a nice Django app called django-autoadmin. To use django-autoadmin, just add it to your requirements file, add 'autoadmin' to you INSTALLED_APPS list, load the autoadmin_tags in your login template, and call the autoadmin_partial tag to display the automatically generated admin credentials. Once the admin password is updated the message will no longer be displayed.

auto admin

Image credit: