Pavel Sem

Reputation: 1753

Password security requirements - exclude commonly used words and keyboard patterns

I would like to ask if there is any recommended approach to enforcing the following password policy requirements

At the moment I just use a regular expression to specify the complexity of passwords. What is the best / recommended approach to implement this?

Upvotes: 1

Views: 773

Answers (2)

onemouth

Reputation: 2277

For a list of passwords you want to exclude, a Bloom filter is a good choice. A Bloom filter is used to test whether an element is a member of a set. In your case, the set is the list of passwords you want to exclude and the element is a given input. The advantage of a Bloom filter is its speed; the complexity of a test operation is O(1). The drawback is that false positive matches are possible (but no false negatives). However, the probability of a false positive can be configured.

If the given input passes the Bloom filter, then test it by regex for other patterns. If the input cannot pass, just reject it.

Upvotes: 1
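An added example of the blocklist check the answer above describes (this is not code from the answer or the question; it is written here to illustrate it). The Bloom filter is sized from a target false-positive rate, loaded with a small constructed banned-password list, and then queried. The filter, the `BANNED_PASSWORDS` sample and the extra trailing-digit normalisation in `is_blocked` are all assumptions for the illustration; a real deployment would load a breach-derived list of many thousands of entries instead.

```python
import hashlib
import math
import re


class BloomFilter:
    """Minimal Bloom filter sized for a target false-positive probability.

    A membership test costs k hash lookups regardless of how many items the
    filter holds. There are no false negatives: every password that was added
    is always reported as present. False positives (a password wrongly reported
    present) occur at roughly the configured rate. For a password blocklist
    that only means occasionally rejecting a password that was not on the
    list, which is the safe direction to fail in.
    """

    def __init__(self, expected_items: int, fp_rate: float = 0.001):
        n = max(1, expected_items)
        # Standard sizing: m bits and k hash functions for n items at rate p.
        self.m = max(8, math.ceil(-n * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, round((self.m / n) * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # Double hashing: derive k bit positions from two 64-bit halves of a
        # single SHA-256 digest. SHA-256 is used only as a uniform hash here;
        # the filter holds a public blocklist, not secret material.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # force odd so step is never 0
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


# Constructed sample blocklist for the illustration. In practice this would be
# a large list of known-compromised or commonly used passwords, fed into the
# filter one line at a time.
BANNED_PASSWORDS = [
    "password", "123456", "qwerty", "letmein",
    "iloveyou", "admin", "welcome", "monkey",
]


def build_blocklist(words, fp_rate: float = 0.001) -> BloomFilter:
    bf = BloomFilter(expected_items=len(words), fp_rate=fp_rate)
    for w in words:
        bf.add(w.lower())  # normalise case so "Password" is caught as well
    return bf


BLOCKLIST = build_blocklist(BANNED_PASSWORDS)


def is_blocked(candidate: str) -> bool:
    """True when the filter reports the candidate as banned.

    Trailing digits are also stripped before a second lookup ("qwerty123"),
    an assumed normalisation that goes beyond the answer itself. A True result
    may be a false positive; a False result is definitive.
    """
    normalised = candidate.lower()
    if normalised in BLOCKLIST:
        return True
    stripped = re.sub(r"\d+$", "", normalised)
    return bool(stripped) and stripped in BLOCKLIST


def count_false_positives(bf: BloomFilter, probes) -> int:
    """Count how many probes the filter reports present. Callers pass strings
    known not to have been added, so every hit is a false positive."""
    return sum(1 for p in probes if p in bf)


if __name__ == "__main__":
    for pw in ["Password", "qwerty123", "correct horse battery staple"]:
        print(f"{pw!r}: blocked={is_blocked(pw)}")
    probes = [f"not-a-banned-password-{i}" for i in range(2000)]
    print("false positives in 2000 probes:", count_false_positives(BLOCKLIST, probes))
```

Because the filter cannot report a false negative, a banned password never slips through; the configured rate only governs how often a legitimate candidate is rejected and the user asked to choose another. The filter has to be rebuilt from the source list whenever that list changes, since a plain Bloom filter does not support removal.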

M21B8

Reputation: 1887

If there's a list of words you want to exclude, then regex probably isn't the right thing. You want to set up a list of invalid words, and check the input to see if it contains one of the excluded ones. Regex is suitable for things like "Password must not contain repeated numbers, e.g. 11, 22, 33", "the password should not contain repeated text of 3 or more characters, e.g. abcabc", etc.

Upvotes: 0
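An added example of the pattern rules this answer gives, expressed as regular expressions with backreferences (this is not code from the answer; it is written here to illustrate it). Because the question title also asks about keyboard patterns, the block goes beyond the answer with a keyboard-row walk check; the `KEYBOARD_ROWS` layout and the minimum walk length of 4 are assumptions for the illustration.

```python
import re

# The two rules the answer gives as examples. Backreference \1 means
# "the same text the first group just matched".
RULES = {
    # two identical adjacent digits: 11, 22, 33, ...
    "repeated digit": re.compile(r"(\d)\1"),
    # a run of 3 or more characters immediately repeated: abcabc, xyzxyz
    "repeated text": re.compile(r"(.{3,}?)\1"),
}

# Assumed US QWERTY layout; each row is also checked in reverse so that
# "poiuyt" counts as a walk too. MIN_WALK is an assumed threshold.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_WALK = 4


def longest_keyboard_walk(password: str) -> str:
    """Return the longest substring of the password (at least MIN_WALK chars)
    that is a contiguous run along one keyboard row, in either direction,
    or "" when there is none."""
    p = password.lower()
    best = ""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for length in range(len(seq), MIN_WALK - 1, -1):
                hits = [seq[i:i + length] for i in range(len(seq) - length + 1)
                        if seq[i:i + length] in p]
                if hits:
                    if length > len(best):
                        best = hits[0]
                    break  # shorter runs of this row are substrings of this hit
    return best


def pattern_violations(password: str) -> list:
    """List the names of every rule the password breaks; empty list means it
    passes all pattern checks."""
    problems = [name for name, rx in RULES.items() if rx.search(password)]
    walk = longest_keyboard_walk(password)
    if walk:
        problems.append("keyboard walk: " + walk)
    return problems


if __name__ == "__main__":
    for pw in ["abcabc11", "qwerty12", "Tr0ub4dor&3"]:
        print(f"{pw!r}: {pattern_violations(pw) or 'ok'}")
```

Pattern rules of this kind reject some perfectly strong passwords along with the weak ones, so they are best applied after the blocklist check as a second filter, and a rejection message should say which rule fired so the user can adjust.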
