using regex for password validation

dn PythonList at DancesWithMice.info
Wed Dec 23 20:28:24 EST 2020 

On 24/12/2020 12:20, 2QdxY4RzWzUUiLuE at potatochowder.com wrote:
> On 2020-12-24 at 11:41:15 +1300,
> dn via Python-list <python-list at python.org> wrote:
>> On 24/12/2020 06:03, Sadaka Technology wrote:
>>> hello guys,
>>>
>>> I have this pattern for password validation (regex):
> 
> [...]

> Is it my imagination, or does a password in which the only lower case
> letter is at the beginning fail?

As mentioned, I don't use RegEx so-often and rely upon a crib-sheet. 
What I could?should have added, is that there are many web-sites which 
enable one to enter a RegEx and some sample data, for immediate 
verification. Very handy!


>> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
>> because such expressions are difficult to understand - either someone
>> else's code or my own from the proverbial six-months back(!); and
>> partially here we're attempting to solve multiple problems in one go.
> 
> "[M]ay be quite"?  You are far too kind, dn.

The people on this list often help me, so...


Whereas I prefer to use str.functions, others may have their own 
opinion. To some degree it's one of those 'horses for courses' 
situations - and as illustrated, if the specs are tightened a bit 
further, it may well be that a 'minimum of two upper-case characters' 
rule would be easier to check with a RegEx!


>> If our ambitions include dreams of 'world domination', then we can
>> extend exactly the same idea of "rule" to the other three routines!
>> Whilst we 'start' with (say) the ASCII character definitions of a-z,
>> we will *be able* to extend into accented characters such as "ô" -
>> which really would promote us to take a rôle on the world-stage.
>> (hah!)
> 
> If you're going to wander out of ASCII, then don't forget to address
> Unicode confusables.  Nothing is more embarrassing than scribbling your
> complicated password on a sticky note and then not being able to tell
> the o's from the ο's.  ;-)

Ök!


>> If we're going to be nice to our users, from where do we express these
>> "rules"? If the rule is hard-coded, then the user-advice must also be
>> hard-coded - and what do we say about having 'the same code' in
>> multiple locations? (see also "DRY principle"). How could one state
>> "the rules" *once*, and in such a fashion that they can be used for UX
>> output and a RegEx?
> 
> That's the beauty of a regular expression:  it's both human and computer
> readable.  Just show the user the regular expression(s) you used.  Oh,
> wait.  Sorry.  Scratch that.
> 
> Thanks, dn, for saying all of that (including what I snipped) out loud.


I've finished 'official work' for the year - compliments of the season!
-- 
Regards =dn

More information about the Python-list mailing list