3

I was wondering if there's a built-in method in the C# .NET Framework to check if a string representing a new user password is too simple?

For instance, stuff like "1234" or "qwerty" or "33333" is too simple.

PS. I obviously can code all this myself. I was just curious, if there's something built into the platform that can do this for me before I begin.

taudorf
ahmd0
  • 1
    No, there is not. There are some encryption classes though that require keys to be under certain conditions, but I guess that's missing the point... – Polity Feb 20 '12 at 10:02
  • 1
    See also [How do you compute password complexity?](http://stackoverflow.com/questions/392928/how-do-you-compute-password-complexity) and [What is the best way to check the strength of a password?](http://stackoverflow.com/questions/75057/what-is-the-best-way-to-check-the-strength-of-a-password) – Justin Feb 20 '12 at 10:14

4 Answers

2

You can use the MembershipProvider.PasswordStrengthRegularExpression property in combination with the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters to make sure the password meets your specific needs.

James Hull
1

There is no built-in method in C#, but you can easily set up a regular expression that checks:

  • At least 7 chars
  • At least 1 uppercase char (A-Z)
  • At least 1 number (0-9)
  • At least one special char

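```csharp
using System.Text.RegularExpressions;

// Requires 7+ characters with at least one digit, one lowercase letter,
// one uppercase letter and one non-alphanumeric character.
public static bool IsPasswordStrong(string password)
{
    return Regex.IsMatch(password, @"^.*(?=.{7,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9]).*$");
}
```
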
Vivien Adnot
  • Sorry, but what does @ mean in front of the string? – ahmd0 Feb 20 '12 at 10:15
  • 4
    -1 for bad policy. It allows many weak passwords, and even worse, it rejects many strong passwords. For example it'd reject my TrueCrypt password, and that has an entropy of about 80 bits. – CodesInChaos Feb 20 '12 at 10:25
  • @ahmd0 '@' indicates a verbatim string literal which tells the compiler to ignore escape characters in the string. Read here http://msdn.microsoft.com/en-us/library/362314fe.aspx for more info. – James Hull Feb 20 '12 at 10:34
  • @Bigfellahull thanks for pointing it out. I too was trying to understand what he meant in that regexp. Since regexps are also used in your solution, can you suggest a "good" regexp? – ahmd0 Feb 20 '12 at 10:41
  • I can't, I'm afraid. It would depend entirely on your circumstances. Plus I am not that strong with reg ex. I think you would be best off asking another question specifically about the reg ex which you can then use with the PasswordStrengthRegularExpression property I suggested. – James Hull Feb 20 '12 at 13:56
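
A sketch of a check aimed at the question's own samples ("1234", "qwerty", "33333"), added here as an example and not code from any of the answers. It uses a blocklist, keyboard/alphabet run detection and character variety instead of composition rules, so a long passphrase without digits or symbols is accepted while "Password1!", which satisfies the regular expression above, is rejected. The class name, the tiny constructed blocklist and the minimum length of 10 are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class PasswordCheck
{
    // Constructed sample blocklist; a real deployment would load a large
    // list of common and breached passwords instead.
    private static readonly HashSet<string> Common = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "password", "qwerty", "letmein", "Password1!" };

    // Digit, alphabet and keyboard rows used to detect runs such as "1234".
    private static readonly string[] Runs =
        { "01234567890", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm" };

    public const int MinLength = 10; // assumed minimum, not taken from the page

    // Returns null when the password is acceptable, otherwise the reason.
    public static string WhyTooSimple(string password)
    {
        if (string.IsNullOrEmpty(password))
            return "empty";
        if (Common.Contains(password))
            return "common password";
        if (IsSingleRun(password.ToLowerInvariant()))
            return "keyboard or alphabet sequence";
        if (password.Distinct().Count() < 5)
            return "too few distinct characters";
        if (password.Length < MinLength)
            return "too short";
        return null;
    }

    // True when the whole password is one forward or backward slice of a run.
    private static bool IsSingleRun(string p)
    {
        string reversed = new string(p.Reverse().ToArray());
        return Runs.Any(r => r.Contains(p) || r.Contains(reversed));
    }

    public static void Main()
    {
        // Constructed inputs: the question's three samples plus three others.
        foreach (var pw in new[] { "1234", "qwerty", "33333", "qwertyuiop",
                                   "Password1!", "correct horse battery staple" })
            Console.WriteLine("{0,-30} {1}", pw, WhyTooSimple(pw) ?? "ok");
    }
}
```
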
0

You can use regular expressions to define a complexity format for your password.

CiccioMiami
0

What you can do is use a Regular Expression validator to make sure that it contains at least one special character (or whatever you have in mind).

Ebad Masood