How can I validate the strength of a provided password?

Author: BitRock Support       Date: March 04, 2010 18:30       Tags: Installation Tips

To check if a password is strong enough for your application, you can validate it using a rule:

<passwordParameter>
 <name>password</name>
 <description>Password</description>
 <explanation>Administrator account password</explanation>
 <value></value>
 <default></default>
 <allowEmptyValue>1</allowEmptyValue>
 <descriptionRetype></descriptionRetype>
 <width>20</width>
 <validationActionList>
     <throwError text="The password provided is not strong enough">
       <ruleList>
          <regExMatch>
             <logic>does_not_match</logic>
             <pattern>^(?=(?:\D*\d){2})(?=(?:[^a-z]*[a-z]){2})(?=(?:[^A-Z]*[A-Z]){2})(?=(?:[^!@#$%^&amp;*+=]*[!@#$%^&amp;*+=]){2}).{10,}$</pattern>
             <text>${password}</text>
          </regExMatch>
       </ruleList>
     </throwError>
 </validationActionList>
</passwordParameter>
The rule above requires the password to contain at least 2 uppercase letters, 2 lowercase letters, 2 digits and 2 special characters, and to be at least 10 characters long. To change the required count for a character type, change the number inside the curly brackets of the corresponding group. For example, to require 3 special characters:

(?=(?:[^!@#$%^&*+=]*[!@#$%^&*+=]){3})

To change the minimum length, edit the last part of the pattern: .{10,}$
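Before putting a modified pattern into the project file, it helps to test it against sample passwords and to see which requirement a rejected password misses. The following is an added example, not part of the original article or of InstallBuilder: it rebuilds the pattern above with configurable counts, escapes it for the `<pattern>` element, and reports the unmet requirements. It assumes Python's `re` module treats these lookaheads the same way as the installer's regex engine; the function names are hypothetical and the passwords are constructed samples.

```python
import re
from xml.sax.saxutils import escape

SPECIALS = "!@#$%^&*+="  # special-character set used in the article's pattern
CLASSES = {              # rule name -> character class for one such character
    "digit": r"\d",
    "lowercase": "[a-z]",
    "uppercase": "[A-Z]",
    "special": f"[{SPECIALS}]",
}

def build_pattern(digit=2, lowercase=2, uppercase=2, special=2, min_len=10):
    """Rebuild the article's pattern with the counts in the curly brackets changed."""
    return (
        "^"
        rf"(?=(?:\D*\d){{{digit}}})"
        rf"(?=(?:[^a-z]*[a-z]){{{lowercase}}})"
        rf"(?=(?:[^A-Z]*[A-Z]){{{uppercase}}})"
        rf"(?=(?:[^{SPECIALS}]*[{SPECIALS}]){{{special}}})"
        rf".{{{min_len},}}$"
    )

def xml_pattern(**limits):
    """Pattern text as it must appear inside <pattern>: '&' becomes '&amp;'."""
    return escape(build_pattern(**limits))

def accepted(password, **limits):
    """True when the does_not_match rule would NOT throw the error."""
    return re.search(build_pattern(**limits), password) is not None

def unmet(password, digit=2, lowercase=2, uppercase=2, special=2, min_len=10):
    """Name the requirements a password misses (the regex alone only says yes/no)."""
    need = {"digit": digit, "lowercase": lowercase,
            "uppercase": uppercase, "special": special}
    missing = [name for name, n in need.items()
               if len(re.findall(CLASSES[name], password)) < n]
    if len(password) < min_len:
        missing.append("length")
    return missing

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["Ab1!Ab1!xy", "Password123!", "aB3$aB3$"]:
        print(f"{pw!r:16} accepted={accepted(pw)} unmet={unmet(pw)}")
    print(xml_pattern(special=3))  # paste this form into <pattern>
```

Only the characters listed in `SPECIALS` count as special, so a password whose only symbols are, for example, `-` or `_` is rejected by this rule.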
