Comment 7 for bug 1760400

kaputtnik (franku) wrote :

Django v1.10 has removed some password hashers. This will affect users who have registered with an old hasher: They can't log in anymore. Two solutions:

1. On demand: Django can automatically convert passwords when a user with an old hasher logs in: https://docs.djangoproject.com/en/1.11/topics/auth/passwords/#password-upgrading
All that is needed for this is to add the old hasher to the setting PASSWORD_HASHERS

2. We can convert passwords without the need to log in: https://docs.djangoproject.com/en/1.11/topics/auth/passwords/#password-upgrading-without-requiring-a-login

We have 3823 users using an old hasher.

I am unsure about which solution is the best for our needs. Most of the users who registered with an old hasher would likely never come back to our site.

Pros and cons:
Solution 1:
+ Not much work for us
- Needs a user to log out and log in again

Solution 2:
+ Clean solution, imho
+ We can rely on the standard settings (no additional setting PASSWORD_HASHERS)
- More work
- It may take a longer time to convert old passwords

Any suggestions?
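
The hash-wrapping idea behind solution 2, as an added standalone sketch (not code from this comment, and not Django's own API). It assumes the old hasher is salted SHA-1 stored as `sha1$salt$hexdigest`; the function names, the `pbkdf2_wrapped_sha1` label and the iteration count are constructed for the example.

```python
import base64
import hashlib
import hmac

ITERATIONS = 36000  # constructed work factor for this example


def legacy_sha1_encode(password, salt):
    """Old-style record (assumed format): sha1$salt$sha1(salt + password)."""
    digest = hashlib.sha1((salt + password).encode()).hexdigest()
    return f"sha1${salt}${digest}"


def wrap_sha1_digest(sha1_hex, salt, iterations=ITERATIONS):
    """Run PBKDF2 over the stored SHA-1 digest; the password is not needed."""
    dk = hashlib.pbkdf2_hmac("sha256", sha1_hex.encode(), salt.encode(), iterations)
    return f"pbkdf2_wrapped_sha1${iterations}${salt}${base64.b64encode(dk).decode()}"


def upgrade_stored_hash(encoded):
    """Offline migration step: wrap legacy rows, leave everything else untouched."""
    parts = encoded.split("$")
    if len(parts) != 3 or parts[0] != "sha1":
        return encoded
    _, salt, sha1_hex = parts
    return wrap_sha1_digest(sha1_hex, salt)


def verify(password, encoded):
    """Login check for wrapped rows: recompute SHA-1 first, then PBKDF2 on top."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_wrapped_sha1":
        return False
    _, iterations, salt, _ = parts
    sha1_hex = legacy_sha1_encode(password, salt).split("$", 2)[2]
    candidate = wrap_sha1_digest(sha1_hex, salt, int(iterations))
    return hmac.compare_digest(candidate, encoded)


if __name__ == "__main__":
    # Constructed sample row standing in for one of the old-hasher accounts.
    old_row = legacy_sha1_encode("correct horse", "s4lt")
    new_row = upgrade_stored_hash(old_row)
    print(old_row, "->", new_row)
    print("login still works:", verify("correct horse", new_row))
```

The wrapped record replaces the weak digest at rest for accounts that never return, and a later successful login can still re-hash the password with the current default hasher.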