View Full Version : Password validation in javascript

11-01-2011, 01:03 PM
function StrongPassword(Input) {
//var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}/; //1 number,1 Uppercase,1 lowercase,6 characters
var re = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/; //1 digit,1 Uppercase,1 lowercase

if (re.test(Input))
alert('Strong Password');
else {
alert('Weak pwd');

Help to get correct output.... both the expr will execute the else block only...

11-01-2011, 02:44 PM
I presume you've got validate_required() function from this page: http://www.w3schools.com/js/js_form_validation.asp?

function validate_required(field,alerttxt)
with (field)
if (value==null||value=="")
alert(alerttxt);return false;
return true;
In this case your last condition will not work as you expect it.

You can replace it with this:

if (password.value != cpassword.value) {
alert("Your password and confirmation password do not match.");
return false;

Philip M
11-01-2011, 06:49 PM
In fact a password which requires so-many lower case charcters, so-many upper-case characters, so-many digits and/or so-many special characters is less secure than the same number of characters without restriction (assuming the password spec is known to the hacker), as there are fewer possible combinations to search.

A strong password should contain not fewer than 10 characters, and should not be restricted except to avoid a dictionary word.

All advice is supplied packaged by intellectual weight, and not by volume. Contents may settle slightly in transit.

11-02-2011, 08:32 AM
XKCD pretty much sums it up: http://xkcd.com/936/

Philip M
11-02-2011, 09:38 AM
I entirely agree with that. The best and strongest passwords which are easy to remember are made up of random ordinary words such as correcthorsebatterystaple. Or purplestarling721. Better still with words in a foreign language!