Checking strings for a strong enough password
Possible Duplicate:
Strong password regex
Need RegEx for password strength?
I was just wondering what the best way to search a string for certain criteria (password strength to be specific) could be accomplished.
So far I have a simple:
if(password.Length <= 7)
{
errorMessage = "Your password must be at least 8 characters.";
}
I would like to be able to check for capital letters, but I am not sure what the method or procedure is. I have tried Googling, searching the website: http://msdn.microsoft.com, and searching the index of my C# book (C# Programming 3E, by Barbara Doyle), but I can't seem to find any.
I know I could try this...:
foreach(char c in password)
{
if(c!='A' || c!='B' || c!='C' || c!='D' ..... || c!='Z')
{
errorMessage = "Your password must contain at least one capital letter";
}
}
...But that would be extremely sloppy, and would have to be doubled to check for at least one lowercase letter. I am sure there is a better way to do this, or at least shorthand for the method I have shown above.
Also, I may decide to check the password for special characters (seems easier to do in the example above than with upper and lower case letters, so I may just use that for special characters, should I decide to make them necessary). If there is an easy (or proper) way to do that, I would love to have that knowledge, as well.
Anyway, thank you so much for any help anyone can give.
Answer
I can't take the credit, as I stole this from here
using System.Text;
using System.Text.RegularExpressions;
public enum PasswordScore
{
Blank = 0,
VeryWeak = 1,
Weak = 2,
Medium = 3,
Strong = 4,
VeryStrong = 5
}
public class PasswordAdvisor
{
public static PasswordScore CheckStrength(string password)
{
int score = 0;
if (password.Length < 1)
return PasswordScore.Blank;
if (password.Length < 4)
return PasswordScore.VeryWeak;
if (password.Length >= 8)
score++;
if (password.Length >= 12)
score++;
if (Regex.Match(password, @"/\d+/", RegexOptions.ECMAScript).Success)
score++;
if (Regex.Match(password, @"/[a-z]/", RegexOptions.ECMAScript).Success &&
Regex.Match(password, @"/[A-Z]/", RegexOptions.ECMAScript).Success)
score++;
if (Regex.Match(password, @"/.[!,@,#,$,%,^,&,*,?,_,~,-,£,(,)]/", RegexOptions.ECMAScript).Success)
score++;
return (PasswordScore)score;
}
}
Note the use of regex for checking for upper case characters. This appears to be a decent approach, as it checks length, use of upper and lower case characters, numeric digits and special characters.
** Update **
I know the question is now closed, but I can add more explanation for VoidKing to understand some of the concepts.
A PasswordScore is returned from the CheckStrength method, which can be used as the condition for what to do next in your code.
Here's an untested demo of how the above code could be used:
String password = "MyDummy_Password"; // Substitute with the user input string
PasswordScore passwordStrengthScore = PasswordAdvisor.CheckStrength(password);
switch (passwordStrengthScore) {
case PasswordScore.Blank:
case PasswordScore.VeryWeak:
case PasswordScore.Weak:
// Show an error message to the user
break;
case PasswordScore.Medium:
case PasswordScore.Strong:
case PasswordScore.VeryStrong:
// Password deemed strong enough, allow user to be added to database etc
break;
}
Enums are used in this case as a means of classifying the strength of the password into human-readable groups. Keeps the code clean, and makes it obvious what is going on in the code.
Regarding the use of Regex's, if you're unfamiliar with the concept of them and how and when to use them, I suggest doing some research as these can be useful in many different scenarios for checking for patterns in strings. Perhaps start here.