ASP.net PasswordStrengthRegularExpression，以防止使用诸如"11111"之类的常见密码.或"123456" [英] ASP.net PasswordStrengthRegularExpression to prevent common passwords like "11111" or "123456"

问题描述

一个客户要求我阻止用户键入通用密码，但允许他们仅使用字母数字密码.

A customer asked me to prevent users from typing common passwords, but permit them to use only alphanumeric passwords.

您知道要在内置PasswordStrengthRegularExpression选项中使用的正则表达式吗?

Do you know a regular expression to use in the built in PasswordStrengthRegularExpression option?

编辑:我知道这很模糊，我告诉客户了.定义就像

Edit: I know is pretty vague, and that what I told the client. The definition is something like

• 同一字符的连续字符不能超过3次(1111、2222等)
• 不允许上升或下降趋势(12345，abcde，6543等)

推荐答案

对正则表达式的要求太高了.您可以很容易地覆盖重复字符的内容:

That's asking way too much from a regex. You could cover the repeated characters thing easily enough:

^(?:(.)(?!\1\1)){6,}$

但是，禁止运行顺序字符的唯一方法是枚举所有可能性:

But the only way to disallow runs of sequential characters would be to enumerate all the possibilities:

^(?:(?!123|234|345|456|567|678|789).)*$

...无限.我认为您最好的做法是要求复杂的字符类型组合-例如，至少两个大写字母，小写字母和数字:

...ad infinitum. I think the best you can do is require a complex mix of character types--for example, at least two each of uppercase letters, lowercase letters and digits:

^(?=(?:[^0-9]*[0-9]){2})
 (?=(?:[^A-Z]*[A-Z]){2})
 (?=(?:[^a-z]*[a-z]){2})
 (?:([A-Za-z0-9])(?!\1\1)){6,}$

这将迫使用户变得有点创意.

That will force the users to be a little creative.

这篇关于ASP.net PasswordStrengthRegularExpression，以防止使用诸如"11111"之类的常见密码.或"123456"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！