I think it would be a good idea to add a check for insecure hashers on PASSWORD_HASHERS[0], I know the insecure ones are not enabled by default, but I think it would be useful to warn users that have enabled them that it's a bad idea.
They could have enabled them on production while thinking they only enabled them for testing for example. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/c70419c8-5328-4665-a8bf-0cc0a99c5dcbn%40googlegroups.com.
