password validation



ugly
06-24-2004, 08:04 PM
I want to do this validation when the user enters a password

Must not contain all or part of your username:
 Must be at least eight characters in length.
 Must contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphanumeric characters (e.g., !, $, #, %)

Willy Duitt
06-24-2004, 08:11 PM
Two words: Regular Expression (http://www.regexlib.com/REDetails.aspx?regexp_id=610)!

I would have tried to write this for you up until I saw your requirement of:
"Must contain characters from three of the following four categories"......

Philip M
06-25-2004, 08:39 AM
Must not contain all or part of your username:
That is the hard bit! What does "part" mean? Any character in the username?

Otherwise: test the four requirements in turn with a regex

• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphanumeric characters (e.g., !, $, #, %)

e.g. if (/[A-Z]/.test(password.value)) // test for A through Z
if (/[a-z]/.test(password.value)) // test for a through z
if (/\d/.test(password.value)) // test for a digit
if (/\W/.test(password.value)) // test for a non-alpha character

and increment a flag if the regex returns true {flag ++ }

then: if (flag >= 3) { /// password passes
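
The full rule set from the first post as one function, using the category-counting approach described above. This is an added example, not part of the original posts. It assumes "part of your username" means any run of three or more consecutive username characters, compared case-insensitively; `MIN_PART`, `usernamePartIn` and `validatePassword` are names chosen here.

```javascript
// Added example. Assumption: "part of your username" means any run of
// MIN_PART or more consecutive username characters, case-insensitive.
const MIN_PART = 3;
const MIN_LENGTH = 8;

// The four character categories from the stated policy.
const CATEGORIES = [
  /[A-Z]/,        // English uppercase
  /[a-z]/,        // English lowercase
  /[0-9]/,        // base 10 digits
  /[^A-Za-z0-9]/  // non-alphanumeric; unlike \W this also counts "_"
];

// Returns the first username fragment found in the password, or null.
function usernamePartIn(password, username) {
  const pw = password.toLowerCase();
  const user = username.toLowerCase();
  // A username shorter than MIN_PART is checked as a whole.
  const len = Math.min(MIN_PART, user.length);
  if (len === 0) return null;
  // Any longer shared run contains one of these fixed-size windows.
  for (let i = 0; i + len <= user.length; i++) {
    const part = user.slice(i, i + len);
    if (pw.includes(part)) return part;
  }
  return null;
}

// Returns a list of failed rules; an empty list means the password passes.
function validatePassword(password, username) {
  const errors = [];
  if (password.length < MIN_LENGTH) errors.push("too short");
  const matched = CATEGORIES.filter((re) => re.test(password)).length;
  if (matched < 3) errors.push("needs 3 of 4 character categories");
  if (usernamePartIn(password, username) !== null) {
    errors.push("contains part of username");
  }
  return errors;
}
```

Run the same check on the server as well, since a check that exists only in the browser can be bypassed.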

Philip M
06-25-2004, 08:49 PM
Is it really necessary to demand such a complicated syntax for the password? In other words, does the password really have to be of military impregnability? Requiring such an awkward password sounds like overkill and means that many users will promptly forget it! And/or be put off registering or whatever.

Simple passwords are fine for non-sensitive sites, such as this. Even if someone can find out or guess the password I use for CodingForums.com it is hardly life-threatening! And I somehow doubt if anyone is going to devote huge time and effort to finding a password for a site such as this.

Just a thought. I would have thought that an eight character password (with any characters allowed) would be pretty secure in most cases. My ISP requires 8+ characters but nothing more.

Roy Sinclair
06-25-2004, 10:12 PM
I'd guess that it's an Auditor's checkpoint. We recently had to do the same on our system except we have a system which also has a maximum of 8 characters as well so it means everyone has a password which is exactly 8 characters which incidentally reduces the difficulty of password cracking. The auditors are happy though because it met their little checkbox requirement.

Management needs to learn how to tell the auditors that they are wrong.

ugly
06-29-2004, 03:17 AM
Hi

Does anyone know how to check my password validation requirement?
If anyone has an idea, please post code. I tried but I couldn't.
thanks


