Enforcing Password Complexity

There has been some discussion of late about passwords vs. pass phrases and how long a password should be. I won't add to the mix except to say that I am a believer when it comes to complex passwords. Heck, my 4 year old is required to use a userid and password to log into his session on his computer :-)

I've recently been working on some things that require me to make sure that the passwords that are used are sufficiently complex. Here is what I am using right now:

Must be at least 10 characters
Must contain at least one one lower case letter, one upper case letter, one digit and one special character
Valid special characters are - @#$%^&+=

The regex that I am using to enforce this is:

^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$

As you can see in the regex, the list of special characters is configurable...

posted on Thursday, September 23, 2004 10:18 PM

This website is Copyright © 2001-2004 by Kylas Group LLC. All rights reserved. By using this website you agree to abide, comply, and be bound by these Terms of Use and Terms of Service. As a user of this website you agree that all information is provided on an as is basis, and the use of this web site is at your sole risk. Links listed are solely based on our opinion of value. The links provided are maintained by their respective organizations, who are solely responsible for its content. Trademarks are the property of their respective owners. Use of trademarks, logos, and brand names on this site are for identification purposes only, and does not imply an endorsement of this website by the trademark owner.

My Links

Archives

Post Categories

Articles

Blogs - Architecture

Blogs - Security

Blogs - Smart/Great/Local

Info - Architecture

Info - Essential

Info - Security

Affiliations

Sponsored By

Enforcing Password Complexity