A password can be used in a secure system to authorize the user. However, passwords must be difficult to be guessed by unauthorized users. An attacker could use a "dictionary attack" program that would traverse all the words in a dictionary (or multiple dictionaries in different languages) and test whether any word was the user's password. Weak passwords such as "Yankees" or "Mustang" can be quickly guessed. such as "? You ' l1n3vafindmeyep@sswerd! ' The likelihood of such strong passwords being guessed is much smaller. The password protection system should ensure that the user chooses a strong password.
Strong passwords are complex (containing combinations of uppercase, lowercase, numeric, and special characters) and are not words. This example shows how to validate complexity.
Example
Copy Code code as follows:
' <summary>determines If a password is sufficiently complex.</summary>
"<param name=" pwd ">password to Validate</param>
"<param name=" minlength ">minimum number of password characters.</param>
"<param name=" Numupper ">minimum number of uppercase characters.</param>
"<param name=" Numlower ">minimum number of lowercase characters.</param>
"<param name=" Numnumbers ">minimum number of numeric characters.</param>
"<param name=" numspecial ">minimum number of special characters.</param>
' <returns>true if the password is sufficiently complex.</returns>
Function ValidatePassword (ByVal pwd as String, _
Optional ByVal minlength as Integer = 8, _
Optional ByVal numupper as Integer = 2, _
Optional ByVal numlower as Integer = 2, _
Optional ByVal numnumbers as Integer = 2, _
Optional ByVal numspecial as Integer = 2) _
As Boolean
' Replace [A-z] with \p{lu} and to allow for Unicode uppercase letters.
Dim Upper as New System.Text.RegularExpressions.Regex ("[A-z]")
Dim Lower as New System.Text.RegularExpressions.Regex ("[A-z]")
Dim Number as New System.Text.RegularExpressions.Regex ("[0-9]")
' Special is ' none of the ' above '.
Dim Special as New System.Text.RegularExpressions.Regex ("[^a-za-z0-9]")
' Check the length.
If Len (PWD) < minlength Then return False
' Check for minimum number of occurrences.
If Upper. Matches (PWD). Count < Numupper Then return False
If lower. Matches (PWD). Count < Numlower Then return False
If number. Matches (PWD). Count < numnumbers Then return False
If Special. Matches (PWD). Count < numspecial Then return False
' Passed all checks.
Return True
End Function
Sub Testvalidatepassword ()
Dim password as String = "Password"
' Demonstrate that ' Password ' are not complex.
MsgBox (Password & "is complex:" & ValidatePassword (password))
Password = "Z9F%A>2KQ"
' Demonstrate that ' z9f%a>2kq ' are not complex.
MsgBox (Password & "is complex:" & ValidatePassword (password))
End Sub
Compiling code
This method is called by passing a string containing the password.
This sample requires:
Access members of the System.Text.RegularExpressions namespace. If you do not fully qualify member names in your code, add an Imports statement. For more information, see Imports statements (. NET Namespaces and types).
Security
If you want to transfer passwords across the network, you need to use a secure method to transfer the data. For more information, see ASP.net Web application security.
By adding additional complexity checks, you can improve the accuracy of the ValidatePassword function:
Compares passwords and their substrings based on the user's name, user identifier, and application-defined dictionary. In addition, when you perform a comparison, you treat characters that look similar to the same characters. For example, the letters "L" and "E" are treated as the same characters as the number "1" and "3".
If you have only one uppercase character, make sure it is not the first letter of the password.
Make sure that the last two characters of the password are alphabetic characters.
This password is not allowed: all of the symbols are entered through the top row of the keyboard.
