I am working on a web interface for creating a new user profile. Wondering what the industry standard is for an acceptable user id and password besides being just alphanumeric (a-zA-Z0-9_)? Actually I am looking for what the allowable special characters are that can be used for user ids and passwords besides being alphanumeric in type.
Next, how can I construct such a pattern match?
Thanks in advance!
# Just add any other valid characters after the \w
if($password =~ /[^\w]/) {
# invalid character supplied
}
As for what characters to allow... are you asking about password strength for heightening security? I'm not aware if there's an industry standard, but I've often seen password schemes that require picking at least 3 different character classes (where the four classes are often uppercase, lowercase, punctuation and numbers).
I've not heard of any standard for it, but my first thought would be to limit usernames to a-zA-Z0-9_-+ since they are often displayed, and allow anything at all in passwords (with the possible exception of whitespace) so people can have secure passwords.
You might also consider something like Data::Password::Check, although, while it looks like a good starting point, it could do with extra features (such as "password not based on a dictionary word"). I don't know if better modules exist for that type of thing.
Thanks!
No alphanumeric character is an XML special character or a whitespace character, so having those additional constraints makes no difference.
Just test that it is alphanumeric; taking the hyphen and underscore out of my previous regex will give you that.
Some thoughts on choosing passphrases may be found here.
Please do not keep posting the same question again and again, expecting such action to speed responses.
HTH,
If you're going to ask a user to remember something in order to use your site, you should let them put in anything that's easy for them to remember and they feel is secure, and make sure your system deals with weirdness appropriately (for example by appropriately escaping parts that may be confusing to a Web browser or a database).
In other words, my advice is: do more work coding so your users can be lazy, instead of being lazy so your customers have to do more work remembering.
For passwords, I think you should allow anything the user wants to use, because no-one but the user will see or have to type it. Username is a bit more difficult.
I would accept anything the user can type. Ideally you'll be hashing it before storing it anyway.
Let them make it an entire sentence if they wish. You may involve certain minimum requirements, like must contain an upper case character, or must contain at least one number, must be 6+ characters in length.
Lately I've run into a few places I started to sign up to, and gave up. Why? The password. They wanted 6-8 characters in length (9 is too long), containing at least one upper case character, and one number. 9, 10, 12 or more characters, and I could have come up with something I can remember that contained an upper case character and a number. With exactly 6-8 characters, I couldn't come up with anything I thought both complex enough, yet easy enough to remember that I wouldn't have to resort to writing it on a sticky note and attaching it to my monitor.
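The checks discussed in this thread, pulled together as an added example that is not taken from any of the posts: a username allowlist of a-zA-Z0-9_-+, and a password rule of 6+ characters with at least 3 of the 4 character classes and no upper length limit. The sub names, the 32-character username cap and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;

# Username allowlist suggested in the thread: a-zA-Z0-9_-+
# Explicit ranges are used instead of \w, which also matches non-ASCII
# word characters on decoded strings. \A and \z anchor the whole string;
# unlike $, \z does not accept a trailing newline.
sub username_ok {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_+\-]{1,32}\z/ ? 1 : 0;   # 32 is an assumed cap
}

# Count how many of the four classes named in the thread are present.
sub class_count {
    my ($pw) = @_;
    my $n = 0;
    $n++ if $pw =~ /[a-z]/;
    $n++ if $pw =~ /[A-Z]/;
    $n++ if $pw =~ /[0-9]/;
    $n++ if $pw =~ /[^A-Za-z0-9\s]/;   # punctuation or any other non-space character
    return $n;
}

# Returns the reasons a password is rejected; an empty list means accepted.
# There is deliberately no maximum length and spaces are allowed, so a whole
# sentence is a valid password.
sub password_problems {
    my ($pw, %opt) = @_;
    my $min_len     = $opt{min_len}     // 6;   # "6+ characters" from the thread
    my $min_classes = $opt{min_classes} // 3;   # "at least 3 different classes"
    my @why;
    push @why, "shorter than $min_len characters" if length($pw) < $min_len;
    push @why, "fewer than $min_classes character classes"
        if class_count($pw) < $min_classes;
    return @why;
}

# Constructed sample inputs.
for my $u ('tariq_a', "bob\n", 'a<b>') {
    (my $shown = $u) =~ s/\n/\\n/g;
    printf "%-22s %s\n", $shown, username_ok($u) ? 'ok' : 'rejected';
}
for my $p ('abc123', 'Ab1!', 'My dog ate 3 shoes.') {
    my @why = password_problems($p);
    printf "%-22s %s\n", $p, @why ? 'rejected: ' . join('; ', @why) : 'ok';
}
```

The password is only inspected here; it still needs to be hashed before storage, and the username escaped wherever it is displayed.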
perlmonks.org content © perlmonks.org and ambrus, cowboy, dorward, planetscape, sgifford, swkronenfeld, tariqahsan