Fixed #33764 -- Deprecated BaseUserManager.make_random_password().

3 files changed, 8 insertions, 1 deletions

diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 7bef5e7db5..5709b45865 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -15,6 +15,8 @@ about each item can often be found in the release notes of two versions prior.
 See the :ref:`Django 4.2 release notes <deprecated-features-4.2>` for more
 details on these changes.
 
+* The ``BaseUserManager.make_random_password()`` method will be removed.
+
 .. _deprecation-removed-in-5.0:
 
 5.0
diff --git a/docs/releases/4.2.txt b/docs/releases/4.2.txt
index 0c80c5b103..b510eaa78f 100644
--- a/docs/releases/4.2.txt
+++ b/docs/releases/4.2.txt
@@ -250,4 +250,7 @@ Features deprecated in 4.2
 Miscellaneous
 -------------
 
-* ...
+* The ``BaseUserManager.make_random_password()`` method is deprecated. See
+  `recipes and best practices
+  <https://docs.python.org/3/library/secrets.html#recipes-and-best-practices>`_
+  for using Python's :py:mod:`secrets` module to generate passwords.
diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt
index 38ee57240f..53db554baf 100644
--- a/docs/topics/auth/customizing.txt
+++ b/docs/topics/auth/customizing.txt
@@ -772,6 +772,8 @@ utility methods:
 
     .. method:: models.BaseUserManager.make_random_password(length=10, allowed_chars='abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789')
 
+        .. deprecated:: 4.2
+
         Returns a random password with the given length and given string of
         allowed characters. Note that the default value of ``allowed_chars``
         doesn't contain letters that can cause user confusion, including: