Author Topic: Forcing more complex passwords?  (Read 177 times)
brusselsshrek
Full Member
***
Posts: 246



« on: August 02, 2008, 11:46:16 AM »

I get a lot of users using really simple passwords like 123456.  Does anyone use a regular expression to force something more complex (e.g. password MUST contain a lower case letter, an upper case letter, a digit, a weird char)?


http://romeobox.com - RomeoBox dating site
Easton
Sr. Member
****
Posts: 470


« Reply #1 on: August 02, 2008, 12:04:26 PM »

Not really, anything for members to remember is appropriate for me..... later on I don't want to be getting emails from members that they can't access the site, so I leave members to choose a password which is easy for them to remember..

Easton
brusselsshrek
Full Member
***
Posts: 246



« Reply #2 on: August 05, 2008, 11:48:49 AM »

OK, I've done a lot of research, and tests, and I have good news and bad news about making passwords more secure.

First, the GOOD news: the following Regexp can be put in the "password" field and forces the password to be between 4 and 10 characters long, and must have at least 1 uppercase letter (A-Z), at least 1 lowercase letter (a-z) and at least 1 digit (0-9):

/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,10}$/

Unfortunately, the very BAD news, is that the way SkaDate is coded at the moment means that this Regexp will apply at ALL times users enter a password - e.g. just when signing in normally - and not just when a user CHANGES their password, meaning that all EXISTING passwords which do not conform (=99% of them) will suddenly stop working!!!!  As it currently stands, the password Regexp is actually almost UNUSABLE, because if you change the Regexp, you stop all existing users logging in!!

A suggestion, SkaDate: make the minor change to the code so that the Regexp is checked ONLY when a user CHANGES their password!  That way, old passwords can stay as they are, but all NEW passwords are forced to the new Regexp.

How about it SkaDate? 

http://romeobox.com - RomeoBox dating site
Adden
Administrator
Sr. Member
*****
Posts: 303



« Reply #3 on: August 13, 2008, 12:31:00 AM »

Agreed.
Regexp checking for the password will be removed from the Sign in form. This will allow members with an old pass to log in.
Move this fix to Skadate7
« Last Edit: August 13, 2008, 11:35:15 PM by Adden »
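The behaviour agreed in this thread, as an added example that is not SkaDate code and not from any poster: the complexity rule is checked only when a password is changed, while sign-in only compares against the stored hash, so accounts created before the rule keep working. The pattern is a case-sensitive form of the rules stated in Reply #2; the in-memory user store, the function names, the scrypt hashing and the sample account are assumptions made for the illustration.

```javascript
const crypto = require("crypto");

// Rules stated in Reply #2: 4 to 10 characters, at least one digit,
// one lower-case and one upper-case letter. No `i` flag, so the two
// letter classes stay case-sensitive.
const PASSWORD_POLICY = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{4,10}$/;

// Hypothetical in-memory user store: name -> { salt, hash }.
const users = new Map();

function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Account created before the policy existed (constructed sample data).
function seedLegacyUser(name, password) {
  users.set(name, hashPassword(password));
}

// Sign-in: no policy check here, only a constant-time hash comparison,
// so existing non-conforming passwords are still accepted.
function signIn(name, password) {
  const rec = users.get(name);
  if (!rec) return false;
  const candidate = crypto.scryptSync(password, rec.salt, 32);
  return crypto.timingSafeEqual(candidate, rec.hash);
}

// Change: authenticate with the old password, then apply the policy
// to the NEW password only.
function changePassword(name, oldPassword, newPassword) {
  if (!signIn(name, oldPassword)) return "bad-credentials";
  if (!PASSWORD_POLICY.test(newPassword)) return "policy-rejected";
  users.set(name, hashPassword(newPassword));
  return "ok";
}

seedLegacyUser("alice", "123456"); // constructed legacy account
```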