ASP.net PasswordStrengthRegularExpression,以防止使用诸如"11111"之类的常见密码.或"123456" [英] ASP.net PasswordStrengthRegularExpression to prevent common passwords like "11111" or "123456"
问题描述
一个客户要求我阻止用户键入通用密码,但允许他们仅使用字母数字密码.
A customer asked me to prevent users from typing common passwords, but permit them to use only alphanumeric passwords.
您知道要在内置PasswordStrengthRegularExpression
选项中使用的正则表达式吗?
Do you know a regular expression to use in the built in PasswordStrengthRegularExpression
option?
编辑:我知道这很模糊,我告诉客户了.定义就像
Edit: I know is pretty vague, and that what I told the client. The definition is something like
- 同一字符的连续字符不能超过3次(1111、2222等)
- 不允许上升或下降趋势(12345,abcde,6543等)
推荐答案
对正则表达式的要求太高了.您可以很容易地覆盖重复字符的内容:
That's asking way too much from a regex. You could cover the repeated characters thing easily enough:
^(?:(.)(?!\1\1)){6,}$
但是,禁止运行顺序字符的唯一方法是枚举所有可能性:
But the only way to disallow runs of sequential characters would be to enumerate all the possibilities:
^(?:(?!123|234|345|456|567|678|789).)*$
...无限.我认为您最好的做法是要求复杂的字符类型组合-例如,至少两个大写字母,小写字母和数字:
...ad infinitum. I think the best you can do is require a complex mix of character types--for example, at least two each of uppercase letters, lowercase letters and digits:
^(?=(?:[^0-9]*[0-9]){2})
(?=(?:[^A-Z]*[A-Z]){2})
(?=(?:[^a-z]*[a-z]){2})
(?:([A-Za-z0-9])(?!\1\1)){6,}$
这将迫使用户变得有点创意.
That will force the users to be a little creative.
这篇关于ASP.net PasswordStrengthRegularExpression,以防止使用诸如"11111"之类的常见密码.或"123456"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!