Thursday, September 23, 2004

There has been some discussion of late about passwords vs. pass phrases and how long a password should be. I won't add to the mix except to say that I am a believer when it comes to complex passwords. Heck, my 4-year-old is required to use a userid and password to log into his session on his computer :-)

I've recently been working on some things that require me to make sure that the passwords that are used are sufficiently complex. Here is what I am using right now:

  • Must be at least 10 characters
  • Must contain at least one lower case letter, one upper case letter, one digit and one special character
  • Valid special characters are: @#$%^&+=

The regex that I am using to enforce this is:
^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$
 
As you can see in the regex, the list of special characters is configurable...
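An added example, not the author's code: it runs the pattern above against constructed sample passwords using Python's re module (the lookahead syntax is the same for this pattern) and shows what happens when the configurable special-character list is extended without escaping. The helper names special_class, build_policy and accepts, and all sample passwords, are assumptions made for this illustration.

```python
import re

# Pattern exactly as given in the post.
POST_PATTERN = re.compile(
    r"^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$"
)

def special_class(specials, escape=True):
    """Build the character class for the configurable special-character list.

    With escape=False the characters are pasted in verbatim, which silently
    changes the policy when the list contains '-', ']', '^' or a backslash.
    """
    if not specials:
        raise ValueError("special-character list must not be empty")
    body = "".join(re.escape(c) if escape else c for c in specials)
    return "[" + body + "]"

def build_policy(specials="@#$%^&+=", min_len=10, escape=True):
    """Same rules as the post; lookaheads anchored once at the start."""
    return re.compile(
        r"^(?=.{%d,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*%s).*$"
        % (min_len, special_class(specials, escape))
    )

def accepts(policy, password):
    """True when the password satisfies the compiled policy."""
    return policy.match(password) is not None

# Constructed sample passwords (not from the post) with the expected verdict.
SAMPLES = {
    "Sunny#Day2004": True,    # meets every rule
    "Sh0rt#Pw": False,        # only 8 characters
    "sunny#day2004": False,   # no upper case letter
    "SunnyDay#Today": False,  # no digit
    "Sunny!Day2004": False,   # '!' is not in the allowed special list
    "SunnyDay2004x": False,   # no special character at all
}

if __name__ == "__main__":
    default = build_policy()
    for pw, expected in SAMPLES.items():
        print(pw, accepts(POST_PATTERN, pw), accepts(default, pw), expected)
    # Adding '-' between '+' and '=' without escaping creates the range '+'..'=',
    # which contains the digits, so a password with no special character passes.
    print(accepts(build_policy("@#+-=", escape=False), "SunnyDay2004x"))
    print(accepts(build_policy("@#+-=", escape=True), "SunnyDay2004x"))
```

The leading `.*` in the post's pattern does not change which passwords are accepted; the anchored form built here gives the same verdicts on every sample.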
 
Tags: Security
9/23/2004 10:18 PM Eastern Daylight Time