This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Talk:OWASP Proactive Controls"
(Proposal for a regular expression for passwords) |
m |
||
| Line 1: | Line 1: | ||
| + | Thomas: Very interesting, move this here? https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository | ||
| + | |||
| + | *** | ||
| + | |||
Hi Jim, | Hi Jim, | ||
Revision as of 21:02, 18 July 2014
Thomas: Very interesting, move this here? https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
Hi Jim,
When looking at your your project page, maybe I have something, that you might be interested in.
A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as an regular expression:
^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$
A short explanation:
password length 8 -32 Character set: -Za-z0-9!/~<>,;:_=?*+-#."&§$%^°()[]|@ at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) no more than 2 equal characters in a row (that's not Windows)
More on your document maybe later.
Best Regards, Thomas
