1

I have some code that currently checks for minimum and maximum lentgh. I want to also require uppercase, lowercase, special char, and numeric. Any suggestions on what to add to this or where I can find some examples? I've been Googling and looking thru this forum and have been trying to add the additional password requirments and have been unsuccessful.

This is what I want to require.

At least eight characters in length No more than 20 characters in length at least lower-case letter and one upper-case at least one special character from: !@#$%^&*()~`-=_+[]{}|:";',./<>? at least one number [0-9] character Cannot match the account login name or email address

My current password validation code

public static final int MIN_PASSWORD_LENGTH = 8;
public static final int MAX_PASSWORD_LENGTH = 20;

public static boolean isAcceptablePassword(String password)
{
    if(TextUtils.isEmpty(password))
        return false;

    int len = password.length();

    if(len < MIN_PASSWORD_LENGTH || len > MAX_PASSWORD_LENGTH)
        return false;

    for(int i = 0; i < len; i++)
    {
        char c = password.charAt(i);
        if (Character.isWhitespace(c))
            return false;
    }

    return true;
}
rick
  • 13
  • 1
  • 1
  • 3
  • 3
    So why don't you just implement your requirements? – Stephen C Apr 01 '12 at 06:34
  • possible duplicate of [Password strength checking library](http://stackoverflow.com/questions/3200292/password-strength-checking-library) – Stephen C Apr 01 '12 at 06:36
  • ? As I already mentioned I have tried without success. How do I implement that? I am a web designer, not a java programmer but I am trying to edit some code for new requirements. – rick Apr 01 '12 at 06:50
  • As an aside: It might seem counter-intuitive, but adding more restrictions to the password actually makes it less secure, as people tend to enter passwords of the form Capitalisedword1!. Just set a minimum length of 8 characters and be done with it. – Trasvi Apr 01 '12 at 12:09
  • @rick - *"I am a web designer, not a java programmer"* - You either need to improve your Java programming skills, or find a Java programmer you can subcontract tasks like this to. Right now, this question sounds like you want someone else to do your job for you ... for free. That's not what SO is intended to be for. – Stephen C Apr 01 '12 at 16:02
  • I have spent a good amount of time trying to edit the code checking on google and in books. The reason I'm tackling this is because I have also been contacting all of the java programmers that I have worked with before that I can trust with our system since it involves credit cards, user accounts, email etc. and they are too busy at the moment and I have to fix this before the 3rd party company involved enforces the requirement. I'm not just looking for someone to do it for me. I did also did ask for examples and not for someone to do it all for me. thank you very much! – rick Apr 01 '12 at 19:20

3 Answers3

4

When you're analyzing String data, you should erase the whitespaces on the right and left. This is done by the Strimg#trim function like this:

password = password.trim();

To analize every character of the String, you can transform it to a char array, so it will be easier to fulfill your requirements:

char[] arrPassword = password.toCharArray();

Now you can evaluate a char using these functions: Character#isUpperCase, Character#isLowerCase, Character#isDigit.

Last but not least, you can have a String with the special characters you need to check, and check if the actual character you're evaluating is inside that String. This could be achieved using String#indexOf and String#valueOf, this las one to convert the char to a String type.

Here is a code sample for all this explanation:

public static final String SPECIAL_CHARACTERS = "!@#$%^&*()~`-=_+[]{}|:\";',./<>?";
public static final int MIN_PASSWORD_LENGTH = 8;
public static final int MAX_PASSWORD_LENGTH = 20;

public static boolean isAcceptablePassword(String password) {
    if (TextUtils.isEmpty(password)) {
        System.out.println("empty string.");
        return false;
    }
    password = password.trim();
    int len = password.length();
    if(len < MIN_PASSWORD_LENGTH || len > MAX_PASSWORD_LENGTH) {
        System.out.println("wrong size, it must have at least 8 characters and less than 20.");
        return false;
    }
    char[] aC = password.toCharArray();
    for(char c : aC) {
        if (Character.isUpperCase(c)) {
            System.out.println(c + " is uppercase.");
        } else
        if (Character.isLowerCase(c)) {
            System.out.println(c + " is lowercase.");
        } else
        if (Character.isDigit(c)) {
            System.out.println(c + " is digit.");
        } else
        if (SPECIAL_CHARACTERS.indexOf(String.valueOf(c)) >= 0) {
            System.out.println(c + " is valid symbol.");
        } else {
            System.out.println(c + " is an invalid character in the password.");
            return false;
        }
    }
    return true;
}

The System.out.println(c + " is an invalid character in the password."); sentence is just to check the result of analyze the actual character.

Luiggi Mendoza
  • 85,076
  • 16
  • 154
  • 332
2

How about some good old regular expressions? This seems to work correctly, although might have made slip in the escaping for special char check 

Pattern[] checks = {
        Pattern.compile("[!@#\\$%^&*()~`\\-=_+\\[\\]{}|:\\\";',\\./<>?]"),
        Pattern.compile("\\d+"), 
        Pattern.compile("[A-Z]+"),
        Pattern.compile("[a-z]+"), 
        Pattern.compile("^.{8,20}$") };

for (String test : new String[] { "password", "Password1",
        "Password1&", "toolongtoolongtoolong" }) {
    boolean ok = true;
    for (Pattern check : checks) {
        ok = ok && check.matcher(test).find();
    }
    System.out.println(test + " " + ok);
}
Adam
  • 35,919
  • 9
  • 100
  • 137
0

Stephen is right with a bit of searching you would have found your answers easily around here. But the thread Stephen refers to is using a thirdparty library.

If you want to implement this yourself then before starting the for-loop initialize 4 booleans for your requirements with false. While looping check for all four requirements until one is true. Set the corresponding boolean to true.

How to check the 4 requirements:

  • The length req you already implemented.
  • Character(yourChar).isLowerCase()
  • Character(yourChar).isUpperCase()
  • Special character: see here: Java String Special character replacement - you can choose a similar approach

After the loop check for the 4 booleans and react accordingly.

Community
  • 1
  • 1
Michael
  • 131
  • 5