Pages

Sunday, July 17, 2011

Password Complexity Regex redeux

Previously I had post a password complexity regex.  Reevaluating this post I have discovered a problem.  It's too confusing!  Regular Expressions are sometimes confusing to create and debug.  This leads some developers to shy away from using them. My original regex is good enough at evaluating the passowrd, however I think if you were to utilize several simpler regexes in an if statement then you can provide your user with specific guidance to what needs to be changed with the password.  Here is an example


function check password(password)
   {
      if (! password.matches([A-Z]{2}))
      { 
         alert("You must have at least 2 capital letters in your password);
      }
      else if (! password.matches([0-9]{2}))
      {
         alert("You must have at least 2 numbers in your password);
      }
      else if (! password.matches([*$%@]{2}))
      {
         alert("You must have at least 2 of *,$,% or @ characters in your password);     } 
      }
   } 
 

What this allows you to do is to reply back with specific message that will tell the password creator how to alter the new password.  In addition, we have reduced to the complexity of the regexs down to some very simple verifications.

No comments:

Post a Comment