Need help on configuring password policy - CentOS 7

I would need some help in configuring a password policy on CentOS 7. Currently I am tasked to implement these policies on a server:
Passwords must be complex. Use the following types of characters:
(a) 1 uppercase letter as the first letter,
(b) 5 lowercase letters,
(c) 2 special characters
I have managed to do the rest except for part (a). I have no idea how to enforce that the first character of the password is an uppercase letter.
Greatly appreciate your help!

Related

How to remove all lines whose passwords don't follow the password policy, using a regular expression?

Passwords are after ":" and the password policy is that the password must be 7 to 32 characters long. The password must contain a mix of letters, numbers, and/or special characters; passwords containing only letters or only numbers are not accepted.
Means if we have
username:Password42
Username52#:sssdt3
user:Pass!626795
use:uss
it removes all and only leaves
username:Password42
user:Pass!626795
I tried using
^:*(?!(?=.*\d)(?=.*[a-z])(?=.*[A-Z])|(?=.*\d)(?=.*[a-z])(?=.*[!@#$%^&*()_+])|(?=.*\d)(?=.*[A-Z])(?=.*[!@#$%^&*()_+])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+])|(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+])).*$\R*
but it didn't work well. I don't know what's wrong with it. Could anyone please fix it for my policy?
You can use this regular expression to remove lines with wrong passwords: ^.+?:(.{1,6}|.{33,}|[[:alpha:]]+|\d+)$:
too short,
too long,
consisting of letters only,
consisting of digits only.
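The same filter as an added JavaScript example (not part of the answer above). Two things differ from the answer's pattern: `[[:alpha:]]` is a POSIX bracket expression that PCRE and grep understand but JavaScript does not, so it is written as `[A-Za-z]` here; and because the lazy `^.+?:` can backtrack past a colon that sits inside the password, a line such as `user:abcdefg:1234567` (a valid 15-character password) is wrongly removed by the single regex, so `keepCompliantLines` splits each line at the first colon and checks the password on its own. The sample lines are constructed from the question, not read from a real file.

```javascript
// Added example: filtering "user:password" lines against the policy from
// the question (7-32 characters, not letters-only, not digits-only).
// Sample lines are constructed from the question, not read from a real file.
const SAMPLE = [
  "username:Password42",
  "Username52#:sssdt3",
  "user:Pass!626795",
  "use:uss",
].join("\n");

// The answer's regex, translated for JavaScript: POSIX [[:alpha:]] is not
// supported here, so it becomes [A-Za-z]. A line that matches is a BAD line.
const BAD_PASSWORD_LINE = /^.+?:(.{1,6}|.{33,}|[A-Za-z]+|\d+)$/;

// The same policy as separate positive rules; returns the names of the
// rules a password violates (an empty array means it is acceptable).
function checkPassword(password) {
  const failures = [];
  if (password.length < 7 || password.length > 32) failures.push("length");
  if (/^[A-Za-z]+$/.test(password)) failures.push("letters only");
  if (/^\d+$/.test(password)) failures.push("digits only");
  return failures;
}

// Keep only compliant lines. The password is everything after the FIRST
// colon, so a colon inside the password cannot confuse the check (the lazy
// ^.+?: in the single-regex version backtracks past such a colon).
function keepCompliantLines(text) {
  return text.split(/\r?\n/).filter((line) => {
    const sep = line.indexOf(":");
    if (sep < 0) return false; // no password field at all
    return checkPassword(line.slice(sep + 1)).length === 0;
  });
}

// For comparison: which lines does the single-regex version remove?
function removedByRegex(text) {
  return text.split(/\r?\n/).filter((line) => BAD_PASSWORD_LINE.test(line));
}

console.log(keepCompliantLines(SAMPLE));
```

On the question's four lines both approaches agree; they differ only when the password itself contains a colon.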

Expanding List of Special Characters Allowed In Regex

I found the regex below that I'm using to validate password complexity. How can I modify it to include these characters -_+=#^~ ?
current regex
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}
conditions
Minimum eight characters, at least one uppercase letter, one lowercase letter, one number and one special character
You can include those special characters in the character classes:
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[-_+=#^~$@$!%*?&])[\w+=^$@$!%*?&~-]{8,}$
Just remember to keep an unescaped hyphen either at the start or at the end of the character class, and to keep ^ in the middle to avoid it being interpreted as negation.
Brief
I see these types of questions get posted here all the time, especially with the javascript tag.
The way you're validating passwords is actually very wrong. Don't limit the passwords to a specific set of characters. You're making hackers' jobs extremely easy. How many iterations of the characters abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_+=#^~$@!%*?& are there? Yes, a lot, but limiting the characters to that set reduces the number of iterations possible. Your character set includes 76 characters.
Now let's do some math. 76 characters, password of length 8 (let's be honest, even though we don't like to admit it, most users use a password that's as short as possible, so 8 characters in your case). That means there are 760,269,225,744,000 possible permutations of those characters.
Great! Now what? Adding one more character to the set (77 characters instead of 76) we now get 848,416,382,352,000 permutations (+88,147,156,608,000 permutations). One more (78) yields 945,378,254,620,800 (+96,961,872,268,800 permutations) etc. As you can see, adding one more character to the set increases the number of permutations exponentially.
Whilst adding additional characters to your set may not actually increase password strength (users may still use e in the password instead of è), it at least gives users the option to try to make their passwords stronger.
According to OWASP (the Open Web Application Security Project) - a worldwide not-for-profit organization focused on improving the security of software (from their article on Password Storage Cheat Sheet):
Do not limit the character set and set long max lengths for credentials
Some organizations restrict the types of special characters and length of credentials accepted by systems because of their inability to prevent SQL Injection, Cross-site scripting, command-injection and other forms of injection attacks. These restrictions, while well-intentioned, facilitate certain simple attacks such as brute force.
Do not allow short or no-length passwords and do not apply character set, or encoding restrictions on the entry or storage of credentials. Continue applying encoding, escaping, masking, outright omission, and other best practices to eliminate injection risks.
A reasonable long password length is 160. Very long password policies can lead to DOS in certain circumstances.
An interesting read: Think you have a strong password? Hackers crack 16-character passwords in less than an HOUR.
Code
All that being said, I understand trying to help users in the creation of a strong password. For that you can use the following regex (note that not all regex flavours support this, but most languages have some form of Unicode support; this will need to be adapted for those languages). Also note that this should be run server-side only, as doing so client-side exposes information about your password requirements in plain sight to any hackers (yes, it's still possible for them to figure it out by creating an account and trying to use easy passwords, but it still means they have to put a little bit of effort into figuring out what is and is not allowed):
^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$
Explanation
^ Assert position at the start of the line
(?=.*\p{Ll}) Positive lookahead ensuring at least one lowercase letter (in any language/script) exists
(?=.*\p{Lu}) Positive lookahead ensuring at least one uppercase letter (in any language/script) exists
(?=.*\p{N}) Positive lookahead ensuring at least one number (in any language/script) exists
(?=.*[^\p{L}\p{N}\p{C}]) Positive lookahead ensuring at least one character that isn't a letter, number or control character (in any language/script) exists
.{8,} Match any character 8 or more times
$ Assert position at the end of the line

RegEx to Validate Password (1 Lowercase, 1 Uppercase, 1 Digit, No Spaces)

I'm trying to create a regular expression to meet the criteria below:
at least 1 Lowercase
at least 1 Uppercase
at least 1 Digit
No Spaces
Minimum 8 characters
No special characters
So far I've got this:
^(?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.\s).*$
However, I cannot get it to work.
Any help would be greatly appreciated.
I was never good at puzzles :)
You're nearly there; it's just the .* at the end that ignores your "no spaces/special characters" rules, and the (?=.\s) lookahead is wrong (you probably meant (?!.*\s) or (?=\S*$)).
But you don't need that lookahead anyway because you can simply specify which characters are allowed (and enforce the "8 characters minimum" rule there, too):
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z\d]{8,}$
But why do you want to keep users from using non-alphanumeric characters in their passwords?
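An added example, not code from any of the answers, that puts the two styles discussed on this page side by side: the allow-list regex from the "expanding the list of special characters" answer, and the Unicode property regex from the "Brief / Code / Explanation" answer, run server-side on the same constructed candidate passwords. It also shows the edge case the Unicode pattern does not handle by itself: a decomposed accent (base letter plus a combining mark, category Mn) is neither a letter, number nor control character, so it satisfies the "special character" lookahead; the `checkUnicode` wrapper, which is this example's own addition, normalises to NFC first. The `u` flag is what makes `\p{...}` work in JavaScript.

```javascript
// Added example: the allow-list style regex next to the Unicode-aware one,
// run against constructed candidate passwords. Intended for server-side use.

// Allow-list style: only the listed ASCII characters are accepted at all.
// Hyphen is kept at the edges of each class so it is literal, and ^ is kept
// away from the first position so it is not read as negation.
const ASCII_ALLOWLIST =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[-_+=#^~$@$!%*?&])[\w+=^$@$!%*?&~-]{8,}$/;

// Unicode-aware style: at least one lowercase letter, uppercase letter,
// number, and one character that is not a letter, number or control
// character, in any script. The u flag is required for \p{...} escapes.
const UNICODE_POLICY =
  /^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$/u;

// Run both checks on one password so the difference is visible side by side.
function classify(password) {
  return {
    asciiAllowlist: ASCII_ALLOWLIST.test(password),
    unicodePolicy: UNICODE_POLICY.test(password),
  };
}

// Server-side wrapper (this example's own addition): normalise to NFC first.
// Without this, a decomposed accent (base letter + combining mark, category
// Mn) satisfies the "special character" lookahead, because Mn is neither
// L, N nor C.
function checkUnicode(password) {
  return UNICODE_POLICY.test(password.normalize("NFC"));
}

// Constructed candidates (not from the original posts):
const CANDIDATES = [
  "Tr0ub4dor&3",     // ASCII with a listed special character: both accept
  "Пароль12!",       // Cyrillic letters: only the Unicode policy accepts
  "Pässwörd1!",      // Latin with diacritics: only the Unicode policy accepts
  "Passw0rd\t",      // tab is a control character (Cc): both reject
  "Pa\u0308ssword1", // decomposed ä, no punctuation: raw regex passes, NFC check fails
];

// One row per candidate with the result of every check.
function report() {
  return CANDIDATES.map((p) => ({ password: p, ...classify(p), nfc: checkUnicode(p) }));
}

console.table(report());
```

The allow-list rejects every non-ASCII password outright, which is the point the answer above is making; the Unicode pattern accepts them but needs the normalisation step so that what counts as a "special character" is what the policy author meant.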

Which characters are permitted in django (1.4) passwords?

I just started working with Django 1.4 recently. I remember when I worked with 1.3 that there was a list of characters which were allowed as password characters. It included the usual alphanumeric as well as a few special characters, such as $, %, _, and #.
Does anyone know where in the documentation I can find the list of permitted password characters?
Thanks.
You probably mean the limitation on allowed characters for the username. There is no limitation on the input password. You can use any character as long as you can type it into the password input. There is a set of characters used for making a random password, but that is not a limitation.

What does this regular expression in joomla mean?

I was trying to install Joomla on my website. While installing Joomla, I was asked to create a MySQL user. But I couldn't because every time I typed a password, it gave a message saying the password doesn't meet the regular expression requirement. Given below is the regular expression:
'(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
What does this mean? What password can I give? Give an example of a password that will pass this regular expression test. Please help me
(?=^.{8,}$)
This part means it has 8 or more characters, and the match starts at the start of the input.
((?=.*\d)
Means contains a digit.
|(?=.*\W+))
Or contains something that is neither a letter nor a digit
(?![.\n])
not starting with a dot or UNIX newline.
(?=.*[A-Z])
Contains at least one capital letter.
(?=.*[a-z])
Contains at least one lowercase letter
.*$
Consists entirely of non-newline characters and the matched group will contain the entire string.
Password should be 8 symbols or more, at least one digit or a non-character, at least one lower alpha and at least one upper alpha, and not beginning with . or newline (seriously?)
Example: Manojlds9
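As an added example (not from the answer above), the Joomla pattern is run unchanged in JavaScript, and each of its lookaheads is also written as a separate named check so that a rejected password can be told which requirement it missed instead of just "does not match". A `consistent` helper confirms the decomposition agrees with the original regex on every candidate. The candidate passwords are constructed; note in particular that `\W` is "non-word", so an underscore does not satisfy the "digit or special character" alternative while a space does.

```javascript
// Added example: the Joomla/MySQL pattern from the question, unchanged, and
// the same rules as separate named checks so a rejection can be explained.
const JOOMLA_RULE =
  /(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/;

// One entry per lookahead in the pattern, in the same order. Without the
// m or s flags, ^ and $ are the input boundaries and . excludes newlines,
// which is why a password containing a newline fails the first check.
const REQUIREMENTS = [
  ["at least 8 characters on one line", (p) => /^.{8,}$/.test(p)],
  ["a digit or a non-word character", (p) => /\d/.test(p) || /\W/.test(p)],
  ["does not start with '.' or a newline", (p) => !/^[.\n]/.test(p)],
  ["an uppercase letter", (p) => /[A-Z]/.test(p)],
  ["a lowercase letter", (p) => /[a-z]/.test(p)],
];

// Verdict of the original pattern.
function passes(password) {
  return JOOMLA_RULE.test(password);
}

// Names of the requirements the password fails (empty array = accepted).
function explain(password) {
  return REQUIREMENTS.filter(([, ok]) => !ok(password)).map(([name]) => name);
}

// Sanity check: the decomposition must agree with the original regex.
function consistent(passwords) {
  return passwords.every((p) => passes(p) === (explain(p).length === 0));
}

// Constructed candidates (the first one is the answer's own example).
const CANDIDATES = [
  "Manojlds9",  // passes
  "Manojlds_",  // underscore is a word character, so \W does not match it
  "Manojlds ",  // a trailing space is \W and counts as the "special" character
  ".Manojlds9", // rejected only because of the leading dot
  "MANOJLDS9",  // no lowercase letter
  "Short1",     // too short
];

for (const p of CANDIDATES) {
  console.log(JSON.stringify(p), passes(p) ? "ok" : "missing: " + explain(p).join("; "));
}
```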