PHP Classes

What makes valid passwords

Recommend this page to a friend!

      Password format validator  >  All threads  >  What makes valid passwords  >  (Un) Subscribe thread alerts  
Subject:What makes valid passwords
Summary:Match validator to Common Criteria?
Author:Christopher Turner
Date:2006-03-22 08:28:48
Update:2006-03-22 10:12:18

  1. What makes valid passwords   Reply   Report abuse  
Picture of Christopher Turner Christopher Turner - 2006-03-22 08:28:48
The implementation is a good concept, but needs to be changed to match Common Criteria.

In general, Strong Passwords are at least eight characters in length; have a combination of at least three character classes; are not found in common dictionaries or predictable phrases; and don't match the owner's NetID or name.

Another policy that is risky if the web implementation is not rock-solid at both ends (https and a well-guarded server/database) is one ensuring that the password does not match any of the last 'n' passwords. The encryption key(s) and/or passphrases must be secured in such a way that someone who knows the algorithms and has access to the data is still facing a huge task to crack the database.

  2. Re: What makes valid passwords   Reply   Report abuse  
Picture of Mick Sear Mick Sear - 2006-03-22 10:12:18 - In reply to message 1 from Christopher Turner
Hi Chris,

The class can be configured to require whatever character limits your organisation needs. For example, your definition of a strong password is eight characters in length. The class can be configured to require that. If you require checks to be made to make sure it's not the same as previous passwords, of course, that's something you need to implement yourself.

If you need dictionary checking, etc., then either extend this class or use a different one. I don't pretend that this is the 'ultimate' password checking class, just one that suits my needs.

Feel free to extend it and publish your updates if you think that your improvements will help others.


For more information send a message to info at phpclasses dot org.