Rails validation make sure your user passwords are strong

By Alastair | August 12, 2006

Most user created passwords are astoundingly weak (’12345′, ‘mypass’). How do you make them stronger? Don’t give them a choice!

Here’s how to validate a password in RoR to make sure it’s strong using a regular expression (regex).
In your model add a custom validate method (after the regular validation) that adds an error unless the password is valid.

The ‘password_validate?’ method

def password_valid? self.password =~ /^(?=.*d)(?=.*[a-z])(?=.*[A-Z])(?!.*s).{8,15}$/ end

In this case the regular expression /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}$/ is checking that the password is 8-15 characters long ‘.{8,15}’, and it contains at least one uppercase letter ‘(?=.*[A-Z])’ and one digit ‘(?=.*\d)’. Actually it also checks for at least one lowercase letter as well ‘(?=.*[a-z])’ but most users usually include that, it also checks that there’s no funky characters ‘(?!.*\s)’

This entry was posted in RegEx, Ruby on Rails. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

3 Comments

Hank

Posted February 16, 2007 at 3:41 am | Permalink

validates_format_of :password, /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).{8,15}$/
mb

Posted September 29, 2007 at 9:01 pm | Permalink

I think the dot(.) in the funky char set must be escaped (like \.).
Mikhailov

Posted January 6, 2009 at 4:42 am | Permalink

I’ve wrote an article about generate random password before user has been saved
Please take a look:
http://railsgeek.com/2009/1/6/generate-random-password-in-rails

One Trackback

By GeoLabs » Links for January 31st through June 26th on June 27, 2007 at 1:58 pm

[...] Vixiom Axioms Â» Rails validation make sure your user passwords are strong – [...]

Rails validation make sure your user passwords are strong

3 Comments

One Trackback

Post a Comment

Search

Pages

Categories

Archives

Blogroll

RSS Feeds

Meta