using regex for password validation

2QdxY4RzWzUUiLuE at potatochowder.com
Wed Dec 23 18:20:25 EST 2020


On 2020-12-24 at 11:41:15 +1300,
dn via Python-list <python-list at python.org> wrote:

> On 24/12/2020 06:03, Sadaka Technology wrote:
> > hello guys,
> > 
> > I have this pattern for password validation (regex):

[...]

> > passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
> > 
> > my only issue is that I want to add the symbol () and symbol(.) in
> > the pattern where only it accepts $ and @, I tried adding generally
> > like [@_$] not working

[...]

Is it my imagination, or does a password in which the only lower case
letter is at the beginning fail?

> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
> because such expressions are difficult to understand - either someone
> else's code or my own from the proverbial six-months back(!); and
> partially here we're attempting to solve multiple problems in one go.

"[M]ay be quite"?  You are far too kind, dn.

> If our ambitions include dreams of 'world domination', then we can
> extend exactly the same idea of "rule" to the other three routines!
> Whilst we 'start' with (say) the ASCII character definitions of a-z,
> we will *be able* to extend into accented characters such as "ô" -
> which really would promote us to take a rôle on the world-stage.
> (hah!)

If you're going to wander out of ASCII, then don't forget to address
Unicode confusables.  Nothing is more embarrassing than scribbling your
complicated password on a sticky note and then not being able to tell
the o's from the ο's.  ;-)

> If we're going to be nice to our users, from where do we express these
> "rules"? If the rule is hard-coded, then the user-advice must also be
> hard-coded - and what do we say about having 'the same code' in
> multiple locations? (see also "DRY principle"). How could one state
> "the rules" *once*, and in such a fashion that they can be used for UX
> output and a RegEx?

That's the beauty of a regular expression:  it's both human and computer
readable.  Just show the user the regular expression(s) you used.  Oh,
wait.  Sorry.  Scratch that.

Thanks, dn, for saying all of that (including what I snipped) out loud.
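
An added example, not part of the original thread: one way to state the rules once and drive both the user-facing advice and the validation from the same table, as the quoted reply asks, with a mixed-script check standing in for the confusables concern. The symbol set, the minimum length, the rule wording and the helper names are assumptions made for illustration, and the script check is a heuristic based on Unicode character names, not full confusable detection.

```python
import re
import unicodedata

# The pattern exactly as quoted in the message above.
POSTED_PATTERN = r"^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"

SYMBOLS = "@$_."   # assumption: the symbol set the original poster was after
MIN_LENGTH = 8     # assumption

def letter_scripts(password):
    """First word of each letter's Unicode name, e.g. {'LATIN', 'GREEK'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in password if c.isalpha()}

# Each rule is stated once: the text shown to the user and the test itself.
RULES = [
    (f"at least {MIN_LENGTH} characters", lambda p: len(p) >= MIN_LENGTH),
    ("a lower case letter", lambda p: any(c.islower() for c in p)),
    ("an upper case letter", lambda p: any(c.isupper() for c in p)),
    ("a digit", lambda p: any(c.isdigit() for c in p)),
    (f"one of the symbols {SYMBOLS}", lambda p: any(c in SYMBOLS for c in p)),
    ("letters from a single script only", lambda p: len(letter_scripts(p)) <= 1),
]

def advice():
    """User-facing help text generated from the same rule table."""
    return "A password needs: " + "; ".join(text for text, _ in RULES) + "."

def failures(password):
    """Descriptions of every rule the password breaks (empty list = valid)."""
    return [text for text, check in RULES if not check(password)]

def posted_pattern_accepts(password):
    """Whether the quoted regular expression matches the candidate."""
    return re.match(POSTED_PATTERN, password) is not None

if __name__ == "__main__":
    print(advice())
    # Constructed sample passwords; the third contains a Greek omicron.
    for candidate in ["aBCDEF12$", "Passw0rd_x", "Passw\u03bfrd1$", "short"]:
        print(repr(candidate), posted_pattern_accepts(candidate), failures(candidate))
```

Because each rule carries its own description, a rejected password can be reported with the exact rules it broke rather than a bare "no match".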

