Two JS regular expression methods to implement password strength

This article gives two regular expression schemes for password strength, one simple and one more complex and secure. And the analysis and testing procedures of the two solutions are given respectively. Generally, you can define your own password regular conventions based on the actual needs of your project.

Preface

When users register, password regularity verification will be used. To write correct regular expressions, you must first define expression rules.

Option 1 (Simple)

Assume that password verification is defined as follows:

• Shortest 6 digits, up to 16 digits {6,16}

• can include lowercase letters [a-z] and uppercase letters [A-Z]

• Can contain numbers [0-9]

• Can contain underscores [_] and minus signs [-]

According to the above rules, it is easy The definition of regular literals is given as follows:

var pattern = /^[\w_-]{6,16}$/;

Analysis of Scheme 1

Literals/ /

The literal of a regular expression is defined as the characters contained between a pair of slashes (/), for example:

var pattern = /s$/;

The above literal matches all A string ending with the letter "s".

Character class [ ]

Put characters in square brackets to form a character class. A character class can match any character it contains. Therefore, the regular expression /[abc]/ matches any of the letters "a", "b", or "c".

Character classes can use hyphens to represent character ranges. To match Latin lowercase letters use /[a-z]/ .

Character class \w

Character class \w matches any word composed of ASCII characters, equivalent to [a-zA-Z0-9].

[\w_-] means matching any Latin uppercase and lowercase letters, numbers plus underscores and minus signs.

Repeat {}

Use { } in regular expressions to represent the number of times an element repeats.

• {n,m} Match the previous item at least n times, but not more than m times

• {n,} Match the previous item n times or more

• {n} matches the previous item n times

• 
  

[\w_-]{6,16} means matching any Latin uppercase and lowercase letters, numbers plus underscores and minus signs appearing at least 6 times and at most 16 times.

Matching position

^ Matches the beginning of the string, in multi-line retrieval, matches the beginning of a line
$ Matches the end of the string, in multiple lines During retrieval, match the end of a line
/^\w/ and match strings starting with uppercase and lowercase letters or numbers.

Option 1 test

The test results are given as follows:

var pattern = /^[\w_-]{6,16}$/;
pattern.test('123456') = true;
pattern.test('-ifat33') = true;
pattern.test('42du') = false;
pattern.test('du42du42du42du421') = false;
pattern.test('42du42@') = false;

View Source code

According to the test results, it can be seen that Solution 1 only briefly limits the password and cannot guarantee the strength of the password and the security of the account.

Option 2 (Security)

Assume that password verification is defined as follows:

• Shortest 6 digits, up to 16 digits {6,16}

• must contain 1 number

• must contain 2 lowercase letters

• Must contain 2 uppercase letters

• Must contain 1 special character
  

According to the above Rules, it is easy to give the definition of regular literals as follows:

var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/;

Analysis of Solution 2

##Character class.

Character class. Represents any character except newlines and other Unicode line terminators.

Forward lookahead assertion (?= )

Add an expression between the symbols "(?=" and ")", it is a lookahead assertion, Used to indicate that expressions within parentheses must match correctly. For example: /Java(?=\:)/ can only match Java and is followed by a colon.

(?=.*[!@#$%^&*?\(\)])

This lookahead assertion indicates that a special character must be included. The 10 special characters in the above expression are the upper shift key characters of the keyboard 1, 2...0, and other special characters can also be added. Note: If the added character has special meaning in the regular expression, you need to escape it with a backslash (\) before the symbol.

Option 2 test

The test results are given as follows:

var pattern = /^.*(?=.{6,16})(?=.*\d)(?=.*[A-Z]{2,})(?=.*[a-z]{2,})(?=.*[!@#$%^&*?\(\)]).*$/;
pattern.test('du42DU!') = true;
pattern.test('duDUd!') = false;
pattern.test('42dud!') = false;
pattern.test('42DUD!') = false;
pattern.test('42duDU') = false;
pattern.test('42duU(') = false;
pattern.test('42dUU!') = false;

Related Recommended:

Detailed explanation of JS native objects and regular expressions

JavaScript regular expression tips

Summary of PHP regular expressions

The above is the detailed content of Two JS regular expression methods to implement password strength. For more information, please follow other related articles on the PHP Chinese website!