The most significant difference is that if you supply a password to the .create() method, it will be set verbatim on the user, and will not be usable to authenticate the user.

>>> user = User.objects.create(username="foo", password="bar") >>> user.password 'bar' 

Instead, the create_user() method hashes the password argument, which is then.

>>> user = User.objects.create_user(username="foo", password="bar") >>> user.password 'pbkdf2_sha256$120000$2pHBVu3tYYbK$ESG1nbUY2ZhEmstJ7Fzu1DioXmGYXiLw31YDkOGn9E0=' 

See https://github.com/django/django/blob/master/django/contrib/auth/models.py#L145.

Some other 'tidying' is also done. See the rest of the function linked above.

The most significant difference is that if you supply a password to the .create() method, it will be set verbatim on the user, and will not be usable to authenticate the user.

>>> user = User.objects.create(username="foo", password="bar") >>> user.password 'bar' >>> user.check_password("bar") False 

Instead, the create_user() method hashes the password argument, which is then.

>>> user = User.objects.create_user(username="foo", password="bar") >>> user.password 'pbkdf2_sha256$120000$2pHBVu3tYYbK$ESG1nbUY2ZhEmstJ7Fzu1DioXmGYXiLw31YDkOGn9E0=' >>> user.check_password("bar") True 

See https://github.com/django/django/blob/master/django/contrib/auth/models.py#L145.

Some other 'tidying' is also done. See the rest of the function linked above.