Rails validation: make sure your user passwords are strong
Most user-created passwords are astoundingly weak ('12345', 'mypass'). How do you make them stronger? Don't give them a choice!
Here’s how to validate a password in RoR to make sure it’s strong using a regular expression (regex).
In your model add a custom validate method (after the regular validation) that adds an error unless the password is valid.
The ‘password_validate?’ method
In this case the regular expression /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}$/ checks that the password is 8-15 characters long '.{8,15}' and that it contains at least one uppercase letter '(?=.*[A-Z])' and one digit '(?=.*\d)'. It also checks for at least one lowercase letter '(?=.*[a-z])', though most users include one anyway, and that there are no funky characters, which here means whitespace '(?!.*\s)'.
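The pattern above relies on ^ and $, which in Ruby match at the start and end of each line rather than of the whole string, so a multi-line value is accepted as soon as any one of its lines satisfies the rules. The following is an added example (not code from the original post) that compares the post's pattern with a \A...\z version on constructed inputs; the constant and method names are illustrative.

```ruby
# Added example, plain Ruby (no Rails required). Names are illustrative.

# The pattern exactly as written in the post: ^ and $ are LINE anchors in Ruby.
LINE_ANCHORED = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}$/

# Same rules, but \A and \z pin the match to the start and end of the string.
STRING_ANCHORED = /\A(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}\z/

# Reports which of the two patterns accepts the given password.
def verdicts(password)
  {
    line_anchored: LINE_ANCHORED.match?(password),
    string_anchored: STRING_ANCHORED.match?(password)
  }
end

# Constructed sample inputs: [password, what it is meant to exercise].
SAMPLES = [
  ["Passw0rdOK",                    "meets every rule"],
  ["mypass",                        "too short, no digit, no uppercase"],
  ["Pass word1",                    "contains a space"],
  ["abc\nPassw0rdOK",               "newline inside; only line 2 meets the rules"],
  [("x" * 500) + "\nPassw0rdOK",    "511 characters, far over the 15 limit"]
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |password, note|
    v = verdicts(password)
    shown = password.length > 20 ? "#{password[0, 17]}..." : password
    puts format("%-24s ^$=%-5s \\A\\z=%-5s %s",
                shown.inspect, v[:line_anchored], v[:string_anchored], note)
  end
end
```

The last two samples pass the post's pattern even though they contain whitespace and, in one case, exceed the length limit; the \A...\z version rejects both. Rails 4 and later refuse a format validation whose pattern uses ^ or $ unless multiline: true is passed, for this reason.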




validates_format_of :password, :with => /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}$/
Comment by Hank — February 16, 2007 @ 3:41 am
[…] Vixiom Axioms » Rails validation make sure your user passwords are strong - […]
Pingback by GeoLabs » Links for January 31st through June 26th — June 27, 2007 @ 1:58 pm
I think the dot(.) in the funky char set must be escaped (like \.).
Comment by mb — September 29, 2007 @ 9:01 pm