Kizeo Forms - Tutorials

Create regular expressions to check the complexity of passwords!

Written by Sarah Marivaux | Feb 6, 2017 5:00:00 AM

One of the fundamental points of computer security is the password. It may be useful to help administrators and group leaders by encouraging them to use complex passwords. The steps below will help you create a more secure process with regular expressions (Regex). The code presented is then used when users change their passwords.

Presentation:

The key to strong password construction comes down to a combination of length, complexity, and randomness (lowercase or uppercase characters, digits and special symbols). Using Regex will help you to set your password. If you are not familiar with regular expressions, do not worry. We will decompose the string.

/^(?=.*[A-Za-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[$@])(?!.*[iIoO])\S{6,12}$/

  • /^ Start of the string.
  • (?=.*[A-Za-z]) must contain a letter (lowercase or uppercase).
  • (?=.*[a-z]) must contain one lowercase character (not part of the pattern above; add it to require a lowercase character).
  • (?=.*[A-Z]) must contain one uppercase character.
  • (?=.*[0-9]) must contain one digit from 0-9.
  • (?=.*[$@]) must contain one special symbol from this list: $ and @.
  • (?!.*[iIoO]) must not contain any of the characters i, I, o and O.
  • \S{6,12} length of at least 6 and at most 12 non-whitespace characters.
  • $/ End of the string.

The whole combination means: a string of 6 to 12 characters with at least one digit, one upper case letter and one special symbol ("@$"), and without the letters i, I, o and O. This regular expression pattern is very useful to implement a strong and complex password.

Note: The order of the groups does not matter.
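An added example (not from the original article or from Kizeo): the groups of the pattern written as separate JavaScript checks, so a rejected password can be reported together with the rule it fails, and a check that reordering the groups gives the same verdict. The rule names and sample passwords are constructed for illustration.

```javascript
// Added example, not Kizeo code. Rule names and sample passwords are constructed.
// Each rule mirrors one group of the 6-12 character policy.
const RULES = [
  // "Any letter" is written [A-Za-z]; the range A-z would also match [ \ ] ^ _ `
  { name: "a letter", ok: (s) => /[A-Za-z]/.test(s) },
  { name: "an uppercase letter", ok: (s) => /[A-Z]/.test(s) },
  { name: "a digit", ok: (s) => /[0-9]/.test(s) },
  { name: "one of $ @", ok: (s) => /[$@]/.test(s) },
  { name: "none of i I o O", ok: (s) => !/[iIoO]/.test(s) },
  { name: "6 to 12 non-space characters", ok: (s) => /^\S{6,12}$/.test(s) },
];

// The combined pattern, and the same groups in reverse order.
const POLICY = /^(?=.*[A-Za-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[$@])(?!.*[iIoO])\S{6,12}$/;
const REORDERED = /^(?!.*[iIoO])(?=.*[$@])(?=.*[0-9])(?=.*[A-Z])(?=.*[A-Za-z])\S{6,12}$/;

// Names of the rules a candidate password breaks (empty array = accepted).
function failedRules(password) {
  return RULES.filter((rule) => !rule.ok(password)).map((rule) => rule.name);
}

// Constructed sample passwords covering the different failure modes.
const SAMPLES = ["Passw@rd1", "Password1$", "secret$9", "Ab@1", "Kz$7 xyPq", "Xy@1234567890"];

// True when the per-rule verdict matches both combined patterns for every sample.
function verdictsAgree(samples) {
  return samples.every((pw) => {
    const accepted = failedRules(pw).length === 0;
    return POLICY.test(pw) === accepted && REORDERED.test(pw) === accepted;
  });
}

for (const pw of SAMPLES) {
  const failed = failedRules(pw);
  console.log(JSON.stringify(pw), failed.length ? "rejected, fails: " + failed.join("; ") : "accepted");
}
console.log("per-rule checks agree with both patterns:", verdictsAgree(SAMPLES));
```

The per-rule messages are the kind of text that can be shown to users on an entry error.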

Do not forget, if you are already familiar with the Regex syntax, you can edit your own regular expression directly! Below are a few more examples:

  • /^0[,.]([1-8]\d|90)$/ : the value must be between 0.10 and 0.90.
  • /^22[,.]([1-9])$/ : the value must be between 22.1 and 22.9.
  • /^(1[8-9]|2[0-4])$/ : the value must be between 18 and 24.
  • /^(3([.,]\d{1,2})?|4([.,]0{1,2})?)$/ : the value must be between 3 and 4, taking into account decimals.

Can you guess this string?

/^(?=.*[A-Za-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[*_%$@])(?!.*[pPoO])\S{6,}$/

Configuration:

Go to the Administration Interface -> My account settings -> Password policy

Here you can:
  • Prohibit users from changing their passwords
  • Write your regular expression
  • Add information for users in case of entry errors
  • Allow two-factor authentication
Note: The default password should have at least 3 characters and a maximum of 20.

Do not forget to click on Confirm!

You can also enable two-factor authentication:

To enable two-factor authentication,
  • Check the allow two-factor authentication box.
  • Go to the profile page.
  • Click on the double authentication option and click on activate.
  • Download the Google Authenticator application, scan the code and enter the code generated by Google Authenticator.
  • Once these steps are complete, every time you log in, you will be asked to enter the code generated by the Google Authenticator app in addition to the user ID, password and company code.