
How can I validate the strength of a provided password?

Author: BitRock Support       Date: March 04, 2010 18:30       Tags: Installation Tips

To check if a password is strong enough for your application, you can validate it using a rule:

<passwordParameter>
 <name>password</name>
 <description>Password</description>
 <explanation>Administrator account password</explanation>
 <value></value>
 <default></default>
 <allowEmptyValue>1</allowEmptyValue>
 <descriptionRetype></descriptionRetype>
 <width>20</width>
 <validationActionList>
     <throwError text="The password provided is not strong enough">
       <ruleList>
          <regExMatch>
             <logic>does_not_match</logic>
             <pattern>^(?=(?:\D*\d){2})(?=(?:[^a-z]*[a-z]){2})(?=(?:[^A-Z]*[A-Z]){2})(?=(?:[^!@#$%^&amp;*+=]*[!@#$%^&amp;*+=]){2}).{10,}$</pattern>
             <text>${password}</text>
          </regExMatch>
       </ruleList>
     </throwError>
 </validationActionList>
</passwordParameter>

The rule above checks that the password includes at least 2 uppercase letters, 2 lowercase letters, 2 digits and 2 special characters (from the set !@#$%^&*+=). It also requires a length of at least 10 characters. To change the number of characters required for each type, change the number inside the curly brackets of the corresponding group. For example, to require 3 special characters:

(?=(?:[^!@#$%^&*+=]*[!@#$%^&*+=]){3})

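To modify the minimum length, change the number in the last part of the pattern: .{10,}$

Inside the XML project file, & in the pattern must be written as &amp;amp;, as in the full example above.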
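
An added example, not part of the original article or of InstallBuilder: a Python sketch that rebuilds the pattern from per-class counts, reports which requirement a candidate password fails, and XML-escapes the result for the project file. It assumes Python's `re` handles these lookaheads the same way the installer's regex engine does; all function names and sample passwords are constructed for illustration.

```python
import re
from xml.sax.saxutils import escape

SPECIALS = "!@#$%^&*+="  # the only characters the article's pattern counts as special


def lookahead(other, wanted, count):
    # (?=(?:[^x]*[x]){n}) succeeds only if at least n characters of class x occur
    return "(?=(?:%s*%s){%d})" % (other, wanted, count)


def parts(digits=2, lowers=2, uppers=2, specials=2, min_len=10):
    """Named pieces of the pattern; the defaults are the article's values."""
    return [
        ("digits", lookahead(r"\D", r"\d", digits)),
        ("lowers", lookahead("[^a-z]", "[a-z]", lowers)),
        ("uppers", lookahead("[^A-Z]", "[A-Z]", uppers)),
        ("specials", lookahead("[^%s]" % SPECIALS, "[%s]" % SPECIALS, specials)),
        ("length", ".{%d,}$" % min_len),
    ]


def build_pattern(**counts):
    """Full regex as a plain string (before XML escaping)."""
    return "^" + "".join(rx for _, rx in parts(**counts))


def xml_text(pattern):
    """Escape for use inside <pattern>: '&' must be written as '&amp;'."""
    return escape(pattern)


def unmet(password, **counts):
    """Names of the requirements the password fails; [] means it is accepted."""
    return [name for name, rx in parts(**counts) if not re.match(rx, password)]


if __name__ == "__main__":
    print(xml_text(build_pattern()))
    # Constructed sample passwords, including the empty string
    for pw in ["Ab1!Cd2@xyz", "Password1!", "AAbb11__xx", "Ab1!Cd2@", ""]:
        print(repr(pw), unmet(pw) or "accepted")
```

Characters outside the listed set, such as `_`, do not count toward the special-character requirement.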

Comments

autocheck password policies

Author: sTaX       Date: May 21, 2011 19:40

Hi,

Is there a way to dynamically check the entered password against the current password policies on a Windows PC?


Re: autocheck password policies

Author: wojciech       Date: May 24, 2011 13:53

Unfortunately it is not possible to verify a password against computer policies.

However, it is possible to create the user as part of the parameter group's validation and show a message in case the user exists, the password does not match the criteria, or any other error occurs. In such a case, the user should then also be deleted in <installationAbortedActionList> in case the user does not finish the installation.