@DavidGinzberg
Last active October 14, 2015 20:59
A specification for password validation rules to be implemented as a regex learning exercise

Regex Lesson: Password Validation

Regular expressions are commonly used to validate passwords against complexity rules. In this exercise the file PWSpec.md has been made to resemble a technical specification in an enterprise software development setting. Given the specification, the goal of this exercise is to implement a function in your language of choice (Java for ZCW students) which takes a string (a single password) as input and validates it against the rules in the specification using regular expression(s). You should also implement a second function which takes a string containing many passwords separated by newlines, validates each of them using the first function, and prints out each password followed by the result (valid or invalid).
Extra Credit: Once finished with these two functions, refactor the validator function so that it can test against either the old or the new password requirements, by adding a second argument to the function.

LMNOP Corp Password Validation Functional Requirement Document (FRD)

Purpose

The purpose of this document is to provide a specification of the technical requirements for enhancement LMNOP-15-04-0010: "Enhanced user password security rules". The business justification for this and other enhancements included in Enterprise Release LMNOP-15-04 can be found in ER1504-Business-Requirements-v3.0-revised-final-final.doc.

Current State

Currently, user passwords must meet the following requirements:

  • At least four (4) characters long
  • No more than eight (8) characters long
  • Must contain at least one (1) letter
  • Must contain at least one (1) numeric character

Requirements

New users, and users changing passwords, should be required to meet the following criteria for their password to be accepted by the server:

  • Password must be at least six (6) characters long
  • Password must contain at least one of the following special characters: !@#$%&*()[]{}~.^`=+-:
  • Password must include at least three (3) digits
  • Password cannot begin with the number 0
  • Password must contain a mix of uppercase and lowercase letters
  • Password must not contain three (3) or more of the same character in a row
  • Password must not contain more than six (6) of the same character anywhere
  • Password must be no longer than sixty-four (64) characters long
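
One possible solution covering both the Current State and the Requirements rule sets, added here as an example and not part of the original gist. It is written in Python rather than Java; the names `validate` and `validate_many` are hypothetical, and it assumes that the trailing `:` belongs to the special-character set and that "letter" and "digit" mean ASCII.

```python
import re

# Assumption: the trailing ':' in the spec's list is part of the special set.
SPECIALS = r"!@#$%&*()\[\]{}~.^`=+\-:"

# New rules, one lookahead per requirement. The length check runs first so
# over-long input is rejected before the backreference rules are evaluated.
# Assumption: "letter" and "digit" mean ASCII letters and digits.
NEW_RULES = re.compile(
    r"(?=.{6,64}\Z)"                     # 6 to 64 characters
    r"(?!0)"                             # cannot begin with 0
    rf"(?=.*[{SPECIALS}])"               # at least one special character
    r"(?=(?:[^0-9]*[0-9]){3})"           # at least three digits
    r"(?=.*[a-z])(?=.*[A-Z])"            # mix of lowercase and uppercase
    r"(?!.*(?P<run>.)(?P=run){2})"       # no character 3+ times in a row
    r"(?!.*(?P<ch>.)(?:.*(?P=ch)){6})"   # no character more than 6 times
    r".*"
)

# Old rules ("Current State"): 4 to 8 characters, a letter and a digit.
OLD_RULES = re.compile(r"(?=.*[A-Za-z])(?=.*[0-9]).{4,8}")


def validate(password: str, new_rules: bool = True) -> bool:
    """Return True if the password satisfies the selected rule set."""
    pattern = NEW_RULES if new_rules else OLD_RULES
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    return pattern.fullmatch(password) is not None


def validate_many(text: str, new_rules: bool = True) -> list[tuple[str, bool]]:
    """Validate each newline-separated password in text."""
    return [(pw, validate(pw, new_rules)) for pw in text.splitlines()]


if __name__ == "__main__":
    # Constructed sample input, one password per line.
    sample = "Abc123!x\n0Abc123!\nAbbb123!\naXa1a2a3a!aYa\nab12"
    for pw, ok in validate_many(sample):
        print(pw, "valid" if ok else "invalid")
```

Under the new rules the six-character minimum is already implied by the other requirements (three digits, one special character, one uppercase and one lowercase letter), so the shortest valid password is something like `Ab123!`.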

Risks

  • All existing passwords must be validated against new password rules; users with passwords that do not meet the new criteria should still be able to access their accounts
  • Results of each password validation and users' last password changes will be stored in the accounts database. Standard Database Change Management procedures and risk management apply.