Solved

Force User to enter Complex password

Posted on 2007-11-21
7
1,064 Views
Last Modified: 2013-11-17
I am using Borland Builder 6 to make an application that requires a user login. Currently I am forcing the user to enter a password longer than 5 characters. But I would like to enforce that a complex password be entered. Is there any easy way of checking this?
0
Comment
Question by:enSynergy
7 Comments
 
LVL 25

Expert Comment

by:imitchie
ID: 20326947
use Local Security Policy in Administrative Tools
0
 
LVL 25

Expert Comment

by:imitchie
ID: 20326951
wrong post. pls ignore
0
 
LVL 16

Accepted Solution

by:
George Tokas earned 500 total points
ID: 20327512
First of all you have access to the password itself using: AnsiString S = EditBox->Text;
So you have the password to an AnsiString....
You can check the presence of any special character using AnsiPos(substring,source)
The special characters you want to enforce using are in certain increment positions of the ascii table...
So with a few loops you can check out if the rules you want to enforce apply...

George Tokas.
0

 
LVL 25

Expert Comment

by:kode99
ID: 20354173
Out of interest here's what MS considers 'strong passwords',

http://support.microsoft.com/kb/161990/EN-US/

To implement this is fairly easy by creating a set of strings matching the groups of characters and then checking these groups against each letter of the password.  Not a whole lot of looping to do.

Anyway here's a rough example to match the MS requirement,

 // sUserName is the login name of the account the password is being set for
 bool TForm1::PasswordCheck(AnsiString sPassword, AnsiString sUserName)
 {
  // so make your groupings
   AnsiString Group1 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
   AnsiString Group2 = "abcdefghijklmnopqrstuvwxyz";
   AnsiString Group3 = "0123456789";
   AnsiString Group4 = "`~!@#$%^&*()_-+=|<>,.?";

   bool IsValid = true;
   int i = 1;
   int G1 = 0, G2 = 0, G3 = 0, G4 = 0;

  // scan password character contents and count valid characters
  // (AnsiString positions start at 1, so run i from 1 to Length())
   while((i < (sPassword.Length()+1))&&(IsValid == true))
   {
     if(Group1.Pos(sPassword.SubString(i,1)) != 0)  G1++;
     if(Group2.Pos(sPassword.SubString(i,1)) != 0)  G2++;
     if(Group3.Pos(sPassword.SubString(i,1)) != 0)  G3++;
     if(Group4.Pos(sPassword.SubString(i,1)) != 0)  G4++;
     i++;
   }

  // Check for disqualification for length of 6 characters
  // or using invalid characters that are not in our groups
   if(((G1+G2+G3+G4) != sPassword.Length())
      ||(sPassword.Length() < 6))
    IsValid = false;

  // check for 3 out of the 4 groups being used as MS does
   if(G1 > 0) G1 = 1;
   if(G2 > 0) G2 = 1;
   if(G3 > 0) G3 = 1;
   if(G4 > 0) G4 = 1;

   if((G1+G2+G3+G4) < 3)
     IsValid = false;

  //check for username or other words,  could also check for previous
  //passwords or other words by looping through a string list.
  // just check user name - be sure to match the case so force lower or upper
  // for both the password and the username
   if(!sUserName.IsEmpty()
      && (sPassword.LowerCase().Pos(sUserName.LowerCase()) != 0))
     IsValid = false;

   return IsValid;
 }

Worth noting that people can still do some pretty bad passwords even within this framework.  For example 'Hello1' or 'Hello!' would still pass as it has 3 of the 4 groups.  This could be caught with a word list check like the user name.  Something like 'He!!o.' is somewhat harder to catch though.
0
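The word-list check mentioned above, extended so that 'He!!o.' is caught as well as 'Hello1'. This is an added example in standard C++ (std::string rather than AnsiString), not code from the thread; Fold, CheckPassword, the substitution table and the banned list are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

enum class Verdict { Ok, TooShort, BadChar, TooFewGroups, ContainsUser, ContainsWord };

// Lower-case the text and undo common look-alike substitutions. 'i' is folded
// to 'l' too, because '1' and '!' stand in for both. Constructed sample mapping.
std::string Fold(const std::string& text) {
    static const std::string from = "i1!|@4$5037";
    static const std::string to   = "llllaassoet";
    std::string out;
    for (unsigned char c : text) {
        char lower = static_cast<char>(std::tolower(c));
        std::size_t k = from.find(lower);
        out += (k == std::string::npos) ? lower : to[k];
    }
    return out;
}

Verdict CheckPassword(const std::string& pw, const std::string& user,
                      const std::vector<std::string>& banned) {
    static const std::string symbols = "`~!@#$%^&*()_-+=|<>,.?";  // Group4 from the post
    if (pw.size() < 6) return Verdict::TooShort;
    bool up = false, lo = false, di = false, sy = false;
    for (unsigned char c : pw) {
        if (std::isupper(c)) up = true;
        else if (std::islower(c)) lo = true;
        else if (std::isdigit(c)) di = true;
        else if (symbols.find(static_cast<char>(c)) != std::string::npos) sy = true;
        else return Verdict::BadChar;  // character outside all four groups
    }
    if (up + lo + di + sy < 3) return Verdict::TooFewGroups;
    const std::string folded = Fold(pw);  // compare folded text on both sides
    if (!user.empty() && folded.find(Fold(user)) != std::string::npos)
        return Verdict::ContainsUser;
    for (const std::string& word : banned)  // very short words would match too often
        if (word.size() >= 4 && folded.find(Fold(word)) != std::string::npos)
            return Verdict::ContainsWord;
    return Verdict::Ok;
}

int main() {
    const std::vector<std::string> banned = {"hello", "password"};  // constructed list
    for (const char* pw : {"Hello1", "He!!o.", "P@$$w0rd!", "Tr7v-Kq92m"})
        std::cout << pw << " -> " << static_cast<int>(CheckPassword(pw, "bob", banned)) << "\n";
}
```

Folding both the password and each list entry with the same table is what lets a plain substring search see through the substitutions.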
 
LVL 18

Expert Comment

by:JoseParrot
ID: 20364886
Hi,

As per kode99's effective comment, the rules for passwords are:
- Character must be in one of the 4 given sets
- Password must contain characters from at least 3 of such sets
- Password length must be at least 6 characters long
- optionally, already used passwords are refused
- optionally, passwords equal to a word in a given list are refused

Additionally, more rules can be applied also, like:
- No repeating characters allowed
      int len = sPassword.Length();
      for (int i = 1; i < len; i++)          // AnsiString is indexed from 1
         for (int j = i + 1; j <= len; j++)
            if (sPassword[i] == sPassword[j])
               IsValid = false;              // refuse password
- Requirement for a minimum or given number of characters of one or more sets.
  Example: must have at least two uppercase characters.
  In this case, as per kode99's code:
  in place of
      if(G1 > 0) G1 = 1;
  substitute by
      if(G1 <2) IsValid=false;    // refuse password
      else G1=1;

A simple tutorial is also available at
http://www.microsoft.com/protect/yourself/password/create.mspx

Those rules are a practical simplification of a REAL complex password.
For example, the simple string
    inhocsignovinces
will be refused, because it is only lowercase, but is a password very difficult to crack. But for sure requires a very complex code too!

Jose
0
 
LVL 9

Expert Comment

by:Cayce
ID: 20494389
Use a regex

* at least 8 characters
* at least one lower case letter, one upper case letter, one digit and one special character
* characters -   @#$%^&+=


    ^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$
0
 
LVL 9

Expert Comment

by:Cayce
ID: 20494457
I keep forgetting that BCB doesn't include a regex engine.
There's a ton out there, for instance: http://www.uptime.it/delphi/old/delregex.zip
0
