[Sigia-l] Password usability
eric scheid
eric.scheid at ironclad.net.au
Wed Dec 15 07:58:21 EST 2010
I just finished diagnosing a password input validation weirdness, and I
really wonder where some coders get their license.
The user instructions say "A mix of upper case letters, lower case letters,
and numbers, at least 8 characters long"
This was a valid password:
Password1
As was this:
Password1$
And this:
%Password1
But this wasn't valid:
Pas$word1
So ... you can probably imagine some of the hair pulling the call centre
will encounter.
Turns out they were using a rather stupid regex to test which was looking
for 8 _consecutive_ required characters, and allowing anything else anywhere
else.
I told them to change the regex to:
(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).{8,}
Why does the UX guy know more about regex than the coders???
e.
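
Added example, not part of the original message: the four passwords from the post run against a flawed pattern and against the proposed regex. The post does not show the flawed regex, so BUGGY is an assumed reconstruction of "8 consecutive required characters"; the function names and the per-rule helper are also assumptions made for illustration.

```python
import re

# ASSUMED reconstruction of the flawed check (the post does not show it):
# it only demands 8 consecutive letters/digits somewhere in the input.
BUGGY = re.compile(r"[A-Za-z0-9]{8,}")

# The regex proposed in the post. Each lookahead scans the whole string for
# one character class; .{8,} then enforces the minimum length.
FIXED = re.compile(r"(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).{8,}")

# The same policy as separate rules, so a form can tell the user which rule
# failed instead of returning a bare "invalid password".
RULES = [
    ("a lower case letter", re.compile(r"[a-z]")),
    ("an upper case letter", re.compile(r"[A-Z]")),
    ("a number", re.compile(r"[0-9]")),
    ("at least 8 characters", re.compile(r".{8,}")),
]


def buggy_accepts(password):
    return BUGGY.search(password) is not None


def fixed_accepts(password):
    # fullmatch validates the entire input, not just a substring of it.
    return FIXED.fullmatch(password) is not None


def unmet_rules(password):
    return [name for name, rx in RULES if not rx.search(password)]


if __name__ == "__main__":
    # The four passwords from the post, plus one constructed sample
    # ("password") that breaks the stated policy.
    samples = ["Password1", "Password1$", "%Password1", "Pas$word1", "password"]
    for pw in samples:
        print(f"{pw!r:14} buggy={buggy_accepts(pw)!s:5} "
              f"fixed={fixed_accepts(pw)!s:5} unmet={unmet_rules(pw)}")
```

Under the assumed pattern the symbol in "Pas$word1" splits the input into runs of 3 and 5 letters/digits, so no run of 8 exists and the password is rejected, while the all-lowercase "password" is accepted even though it breaks the stated policy.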