Welcome! Log In Create A New Profile

Advanced

[PHP] Password filter

Posted by Tedd Sperling 
Tedd Sperling
[PHP] Password filter
January 12, 2018 05:30PM
Hi Gang:

Does anyone have a password filter? IOW, a routine/function where it rejects any password that does not conform to certain rules such as “At least on Capital letter. At least one Number. At least one Symbol” and such? I know, I hate those things myself — because I use phrases and it annoys me when these “Know it all” routines stop me from using pass-phrases I like, but I’ve had an order from a client and never argue with a client.

I know I could write one myself, but I’m lazy. I would rather pick up a free one from this group. After all, you guys are some of the best programmers I know.

Cheers,

tedd
_______________
tedd sperling
tedd@sperling.com






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Per Jessen
Re: [PHP] Password filter
January 12, 2018 06:50PM
Tedd Sperling wrote:

> Hi Gang:
>
> Does anyone have a password filter? IOW, a routine/function where it
> rejects any password that does not conform to certain rules such as
> “At least on Capital letter. At least one Number. At least one Symbol”
> and such? I know, I hate those things myself — because I use phrases
> and it annoys me when these “Know it all” routines stop me from using
> pass-phrases I like, but I’ve had an order from a client and never
> argue with a client.

Sounds like a pretty simple regex.


--
Per Jessen, Zürich (3.9°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ashley Sheridan
Re: [PHP] Password filter
January 12, 2018 07:10PM
On January 12, 2018 5:44:25 PM UTC, Per Jessen <[email protected]> wrote:
>Tedd Sperling wrote:
>
>> Hi Gang:
>>
>> Does anyone have a password filter? IOW, a routine/function where it
>> rejects any password that does not conform to certain rules such as
>> “At least on Capital letter. At least one Number. At least one
>Symbol”
>> and such? I know, I hate those things myself — because I use phrases
>> and it annoys me when these “Know it all” routines stop me from using
>> pass-phrases I like, but I’ve had an order from a client and never
>> argue with a client.
>
>Sounds like a pretty simple regex.

Minimum length should be your only real requirement. Transposing letters for numbers/symbols serves only to make the password harder to remember (and thus end up on a post-it note stuck to the computer) but does little to the amount of time it takes to crack.

Obligatory xkcd reference: https://xkcd.com/936/

Thanks,
Ash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tedd Sperling
Re: [PHP] Password filter
January 13, 2018 07:00PM
Ash:

I agree, but tell that to my client.

Cheers,

tedd

> On Jan 12, 2018, at 1:05 PM, Ashley Sheridan <[email protected]> wrote:
>
>
>
> On January 12, 2018 5:44:25 PM UTC, Per Jessen <[email protected]> wrote:
>> Tedd Sperling wrote:
>>
>>> Hi Gang:
>>>
>>> Does anyone have a password filter? IOW, a routine/function where it
>>> rejects any password that does not conform to certain rules such as
>>> “At least on Capital letter. At least one Number. At least one
>> Symbol”
>>> and such? I know, I hate those things myself — because I use phrases
>>> and it annoys me when these “Know it all” routines stop me from using
>>> pass-phrases I like, but I’ve had an order from a client and never
>>> argue with a client.
>>
>> Sounds like a pretty simple regex.
>
> Minimum length should be your only real requirement. Transposing letters for numbers/symbols serves only to make the password harder to remember (and thus end up on a post-it note stuck to the computer) but does little to the amount of time it takes to crack.
>
> Obligatory xkcd reference: https://xkcd.com/936/
>
> Thanks,
> Ash
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

_______________
tedd sperling
tedd@sperling.com






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Per Jessen
Re: [PHP] Password filter
January 14, 2018 10:50AM
Tedd Sperling wrote:

> Ash:
>
> I agree, but tell that to my client.
>

if the requirements are really simple, such as those you mentioned in
your OP, a single regex, possibly split into more for clarity, will
suffice.

/[A-Z]/ "must contain at least one upper case"
/[a-z]/ "must contain at least one lower case"
/[0-9]/ number
/[%.;:,_-]/ symbols
/^.{8}/ length>=8

Keep an eye out for whitespace - e.g. trailing.


--
Per Jessen, Zürich (0.8°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tedd Sperling
Re: [PHP] Password filter
January 14, 2018 04:50PM
Per:

Thanks — I think that will do it.

Cheers,

tedd

---

> On Jan 14, 2018, at 4:45 AM, Per Jessen <[email protected]> wrote:
>
> Tedd Sperling wrote:
>
>> Ash:
>>
>> I agree, but tell that to my client.
>>
>
> if the requirements are really simple, such as those you mentioned in
> your OP, a single regex, possibly split into more for clarity, will
> suffice.
>
> /[A-Z]/ "must contain at least one upper case"
> /[a-z]/ "must contain at least one lower case"
> /[0-9]/ number
> /[%.;:,_-]/ symbols
> /^.{8}/ length>=8
>
> Keep an eye out for whitespace - e.g. trailing.
>
>
> --
> Per Jessen, Zürich (0.8°C)
> http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

_______________
tedd sperling
tedd@sperling.com






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Aziz Saleh
Re: [PHP] Password filter
January 14, 2018 05:00PM
On Sun, Jan 14, 2018 at 10:46 AM, Tedd Sperling <[email protected]> wrote:

> Per:
>
> Thanks — I think that will do it.
>
> Cheers,
>
> tedd
>
> ---
>
> > On Jan 14, 2018, at 4:45 AM, Per Jessen <[email protected]> wrote:
> >
> > Tedd Sperling wrote:
> >
> >> Ash:
> >>
> >> I agree, but tell that to my client.
> >>
> >
> > if the requirements are really simple, such as those you mentioned in
> > your OP, a single regex, possibly split into more for clarity, will
> > suffice.
> >
> > /[A-Z]/ "must contain at least one upper case"
> > /[a-z]/ "must contain at least one lower case"
> > /[0-9]/ number
> > /[%.;:,_-]/ symbols
> > /^.{8}/ length>=8
> >
> > Keep an eye out for whitespace - e.g. trailing.
> >
> >
> > --
> > Per Jessen, Zürich (0.8°C)
> > http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> _______________
> tedd sperling
> tedd@sperling.com
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
This pattern should do the trick (taken from SO + modifications):

http://www.rubular.com/r/JJfQkmoDHr
Per Jessen
Re: [PHP] Password filter
January 14, 2018 05:50PM
Aziz Saleh wrote:

> This pattern should do the trick (taken from SO + modifications):
>
> http://www.rubular.com/r/JJfQkmoDHr

Yes, I'm sure it will - also a perfect example of why I suggested
splitting into multiple regexes for clarity :-) It obviously depends
on how well versed you are with regexes.


/Per

--
Per Jessen, Zürich (1.0°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tedd Sperling
Re: [PHP] Password filter
January 14, 2018 05:50PM
> On Jan 14, 2018, at 10:54 AM, Aziz Saleh <[email protected]> wrote:
>
> This pattern should do the trick (taken from SO + modifications):
>
> http://www.rubular.com/r/JJfQkmoDHr

Most excellent!

Thanks again.

Cheers,

tedd

_______________
tedd sperling
tedd@sperling.com






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry, only registered users may post in this forum.

Click here to login