Weak Password

Introduction

An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier.

Requirements

A password strength policy should contain the following attributes:

1. Minimum 8 characters in length

2. Contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)

3. Have at least one numerical character (e.g. 0-9)

4. Have at least one special character (e.g. ~!@#$%^&*()_-+=)

Solution

Regex:

This regex is common for all programming languages and make sure it has validated..The below regex has a minimum length of 8 characters, contain at least a capital letter, a small letter, a number, and a special character.

^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*]).{8,}$

Modification in rules?

Let' say you want minimum x characters small letters, y characters capital letters, z characters numbers, Total minimum length w. Then try below regex

^(?=.*[a-z]{x,})(?=.*[A-Z]{y,})(?=.*[0-9]{z,})(?=.*[!@#\$%\^&\*]).{w,}$

References

1. https://www.acunetix.com/blog/web-security-zone/common-password-vulnerabilities/
2. https://cwe.mitre.org/data/definitions/521.html
3. https://www.aspsnippets.com/Articles/Password-Strength-validation-example-using-JavaScript-and-jQuery.aspx
4. https://www.geeksforgeeks.org/strong-password-suggester-program/
5. https://stackoverflow.com/questions/1152872/creating-a-regex-to-check-for-a-strong-password