Reg expression for password complexity requirements

Discussion in 'Javascript' started by shimshim@gmail.com, May 27, 2009.

  1. Guest

    Hello,

    I need help in finding reg expression for password complexity
    requirements.
    The requirements are:

    · No dictionary words;
    · At least 1 character must be alphabetical and at least 1 character
    must be a digit or a non-alphanumeric character;
    · At least 6 characters must occur only once in a password;
    · Passwords cannot contain any string that is also contained in the
    username;
    · Passwords cannot contain any common strings such as a sequential
    series of letters (abcd) or a sequential series of numbers (1234) or
    pattern of numbers (2468).

    Thanks :)
     
    , May 27, 2009
    #1
    1. Advertising

  2. Evertjan. Guest

    Daniel wrote on 27 mei 2009 in comp.lang.javascript:

    > On Wed, 27 May 2009 07:53:38 -0700 (PDT), wrote:
    >
    >>Hello,
    >>
    >>I need help in finding reg expression for password complexity
    >>requirements.
    >>The requirements are:
    >>
    >>ú No dictionary words;

    >
    > Are you sure this is something you want to do on the client side
    > (javascript)? Isn't this a candidate for the server side checking?


    Even as I use VBscript as the main serverside language,
    this is a good example where a serverside javascript function
    is my favorite.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., May 27, 2009
    #2
    1. Advertising

  3. Guest

    On May 27, 11:06 am, Daniel <> wrote:
    > On Wed, 27 May 2009 07:53:38 -0700 (PDT), wrote:
    > >Hello,

    >
    > >I need help in finding reg expression for password complexity
    > >requirements.
    > >The requirements are:

    >
    > >· No dictionary words;

    >
    > Are you sure this is something you want to do on the client side
    > (javascript)? Isn't this a candidate for the server side checking?



    I guess "No dictionary words" doesn't need to be in client side but I
    was wondering about last three requirements.

    Thanks a lot.
     
    , May 27, 2009
    #3
  4. wrote:
    > On May 27, 11:06 am, Daniel <> wrote:
    >> On Wed, 27 May 2009 07:53:38 -0700 (PDT), wrote:
    >>> I need help in finding reg expression for password complexity
    >>> requirements.
    >>> The requirements are:
    >>> · No dictionary words;

    >> Are you sure this is something you want to do on the client side
    >> (javascript)? Isn't this a candidate for the server side checking?

    >
    > I guess "No dictionary words" doesn't need to be in client side but I
    > was wondering about last three requirements.


    STFW, RTFM:

    <http://www.google.com/search?q=javascript+regexp&filter=0>
    (ignore the w3schoools.com hit)

    <https://developer.mozilla.org/En/Core_JavaScript_1.5_Guide/Regular_Expressions>
    (Interestingly enough, there is a bit of a duplicate of the Reference:
    <https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/RegExp>)

    > Thanks a lot.


    You're welcome. Please take heed of <http://jibbering.com/faq/#posting> pp.
    next time.


    PointedEars
     
    Thomas 'PointedEars' Lahn, May 27, 2009
    #4
  5. In comp.lang.javascript message <7d6d7115-5311-4c3f-a0d2-ae3b96ca77b7@x6
    g2000vbg.googlegroups.com>, Wed, 27 May 2009 07:53:38,
    posted:

    >I need help in finding reg expression for password complexity
    >requirements.


    Sounds like a specification written by a person of limited intellect.

    >The requirements are:
    >
    >· No dictionary words;


    Which dictionary? A pocket one? The Full Oxford English Dictionary? A
    foreign dictionary?

    >· At least 1 character must be alphabetical and at least 1 character
    >must be a digit or a non-alphanumeric character;


    Which characters constitute the alphabet? Most dictionaries contain
    letters outside the set A to Z. Some languages do not include all of
    those letters.

    How large is the possible character set? That influences how coding
    should be done. Sholes began with 35; JavaScript String.charAt can give
    65536 different results, IIRC.

    >· At least 6 characters must occur only once in a password;
    >· Passwords cannot contain any string that is also contained in the
    >username;


    That means that no characters can match, since a string can be one
    character long.

    >· Passwords cannot contain any common strings such as a sequential
    >series of letters (abcd) or a sequential series of numbers (1234) or
    >pattern of numbers (2468).


    Hoe about LNER, 4468, 126, A4, 462, 19380703; 26536, 18285; 20871? All
    are well-known, to some. How about 112263? How about SPQR? How about
    285714? Your criterion is far too ill-defined. And who would have
    considered "Obama" to be a well-known string a decade ago?



    Those of your requirements that are implementable are easily done
    without using RegExps; for none of those do RegExps seem particularly
    useful.

    --
    (c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 MIME.
    Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
    Proper <= 4-line sig. separator as above, a line exactly "-- " (SonOfRFC1036)
    Do not Mail News to me. Before a reply, quote with ">" or "> " (SonOfRFC1036)
     
    Dr J R Stockton, May 27, 2009
    #5
  6. On Wed, 27 May 2009 at 07:53:38, in comp.lang.javascript, wrote:
    >Hello,
    >
    >I need help in finding reg expression for password complexity
    >requirements.
    >The requirements are:
    >
    >· No dictionary words;
    >· At least 1 character must be alphabetical and at least 1 character
    >must be a digit or a non-alphanumeric character;
    >· At least 6 characters must occur only once in a password;
    >· Passwords cannot contain any string that is also contained in the
    >username;
    >· Passwords cannot contain any common strings such as a sequential
    >series of letters (abcd) or a sequential series of numbers (1234) or
    >pattern of numbers (2468).


    Should it accept

    alpha beta gamma wonkity

    If not, why not?

    John
    --
    John Harris
     
    John G Harris, May 27, 2009
    #6
  7. writes:

    > Hello,
    >
    > I need help in finding reg expression for password complexity
    > requirements.


    Why must it be a regular expression? Why not use the perfectly good
    programming language you have to implement the algorithm you need
    instead of restricting yourself to a small, computationally bounded,
    subset?

    > The requirements are:
    >
    > · No dictionary words;


    So you need a list of all dictionary words. Test against that first.

    > · At least 1 character must be alphabetical and at least 1 character
    > must be a digit or a non-alphanumeric character;


    /[a-z]/i.test(input) && /[^a-z]/i.test(input)

    > · At least 6 characters must occur only once in a password;


    Interesting. I would never do that with regexps.

    > · Passwords cannot contain any string that is also contained in the
    > username;


    What is a "string contained in the username"? Any letter in the
    username is a one-character string. The empty string is also contained
    in the username. This should be clarified.

    > · Passwords cannot contain any common strings such as a sequential
    > series of letters (abcd) or a sequential series of numbers (1234) or
    > pattern of numbers (2468).


    Again this has to be specified more precisely. Is 4816 a sequential
    series? Is 4896? You can't make a test until the requirement is
    specified precisely enough that you can say for any string whether
    it matches it or not. Examples are not enough.

    In summary: There is no way you will ever get something this complex
    into a single regexp. And you shouldn't even if you find a way.

    /L
    --
    Lasse Reichstein Holst Nielsen
    'Javascript frameworks is a disruptive technology'
     
    Lasse Reichstein Nielsen, May 29, 2009
    #7
  8. wrote:

    > I need help in finding reg expression for password complexity
    > requirements.
    > The requirements are:
    >
    > · No dictionary words;
    > · At least 1 character must be alphabetical and at least 1 character
    > must be a digit or a non-alphanumeric character;
    > · At least 6 characters must occur only once in a password;
    > · Passwords cannot contain any string that is also contained in the
    > username;
    > · Passwords cannot contain any common strings such as a sequential
    > series of letters (abcd) or a sequential series of numbers (1234) or
    > pattern of numbers (2468).


    Maybe you don't need these tests at all. Read this analysis of password
    strength, which comes to the conclusion, that "this is fun" is more secure
    than "J4fs<2":

    http://www.baekdal.com/articles/Usability/password-security-usability/

    Matt
     
    Matthias Reuter, May 29, 2009
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TW9yZ2FuIFJvZGVyaWNr?=

    2.0 Controlling password complexity in Membership

    =?Utf-8?B?TW9yZ2FuIFJvZGVyaWNr?=, Apr 21, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    559
    clintonG
    Apr 22, 2005
  2. Paul
    Replies:
    3
    Views:
    610
  3. AAaron123
    Replies:
    2
    Views:
    2,201
    AAaron123
    Jan 16, 2009
  4. AAaron123
    Replies:
    1
    Views:
    1,356
    Oriane
    Jan 16, 2009
  5. Bryan Harrington

    password requirements

    Bryan Harrington, Nov 24, 2003, in forum: ASP General
    Replies:
    4
    Views:
    133
    Rob Meade
    Nov 25, 2003
Loading...

Share This Page