Recently I was needed to create a password strength validator, which will basically info user how strong is the entered password. There are different standards for the strong password, I decided to go on with these:
- Must contain eight characters or more
- Should not contain spaces
Previous two are required criteria, it means that if the entered password doesn't match this requirements it is not valid.
Contain characters from one or more of the following three character classes:
- Alphabetic (e.g., a-z, A-Z)
- Numeric (i.e. 0-9)
- Punctuation and other characters (e.g., !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
It is pretty easy to validate password based on those requirements, but sometimes we don't want requirements to be hard-coded. That's why I decided to store requirements as regular expressions. You can store each requirement as a separate reg exp in DB, you can also store additional "required" flag (if password doesn't match required criteria it is invalid). In my demo regular expressions are hard-coded, but they can be easily retrieved from DB.
