Warning
This package has been deprecated as it is no longer maintained.
A .NET standard library for easy password validation. This library defines 11 predefined checks and an easy way to implement custom checks.
There are 11 predefined checks, each representing a password criterion. Each check type is defined as a bit flag. A combination of checks can thus be simply referenced using a single integer. All predefined check types are defined here.
NIST Special Publication 800-63B
The following are the key takeaways from these guidelines:
- SHALL ensure that passwords are at least 8 characters in length and MAY all be numeric.
- SHALL permit passwords at least 64 characters in length.
- SHALL disallow passwords that appear on a blacklist of commonly-used or compromised values.
- SHOULD not enforce any other constraints.
Checks if the given password is equal to or longer than the required minimum length and equal to or shorter than the maximum allowed length.
Default minimum length: 8
Default maximum length: 128
Changing length bounds example:
validator.MinLength = 10;
validator.MaxLength = 256;
//OR
validator.SetLengthBounds(10, 256);
Checks that the password contains at least one digit.
Checks that the password contains at least one letter. This check supports multiple alphabets. For more information about how we classify a letter see this reference.
Checks that the password contains at least one symbol.
Checks that the password contains at least one upper- and lower-case letter. This check supports multiple alphabets. For more information about how we classify a letter see this reference.
Checks if the password contains a number series/sequence equal to or longer than the set length. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.NumberSequenceLength property (from v2.0.0). By default this has the following values:
Default number sequence length (version < 2.0.0): 3
Default number sequence length (version >= 2.0.0): 4
Both increasing sequences and decreasing sequences are checked.
Example number sequence: 12345 or 987654321
This type has been replaced with digit repetition from v2.0.0.
Checks if the password contains number repetition equal to or longer than 3 in a row.
Example number repetition: 444 or 222
Checks if the password contains digit repetition equal to or longer than the set length. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.DigitRepetitionLength property. By default this has the following values:
Default digit repetition length: 4
Example digit repetition: 4444 or 2222
Checks that the password does not have numbers only at the front and/or end of the password. To pass this check, the password must have a non-digit character before and after a digit character; only one digit needs to match this pattern.
Example invalid password: 2password | password2
Example valid password: 2pass9word | p6ssword
Checks if the password contains an alphabetical letter sequence consisting of a set amount of letters or more. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.LetterSequenceLength property (from v2.0.0). By default this has the following values:
Default letter sequence length: 4
Note: this check currently only supports the ISO basic Latin alphabet (A-Z a-z).
Example letter sequence: abcd or bcde
For versions prior to v2.0.0, two three-letter sequences were also checked for: abc and xyz.
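A stand-alone sketch of the sequence detection described for the number sequence and letter sequence checks, added here as an illustration; it is not the library's own implementation. The class and method names are hypothetical, and treating letter sequences as case-insensitive and not wrapping around (9 to 0, z to a) are assumptions.

```csharp
using System;

public static class SequenceCheck   // hypothetical name, not part of the library
{
    // True when `password` contains at least `minLength` consecutive characters
    // of the class accepted by `inClass`, each one step above (ascending) or
    // one step below (descending) the previous character.
    private static bool HasRun(string password, int minLength, Func<char, bool> inClass)
    {
        if (minLength < 2) throw new ArgumentOutOfRangeException(nameof(minLength));
        int run = 1, direction = 0;
        for (int i = 1; i < password.Length; i++)
        {
            char prev = Fold(password[i - 1]), cur = Fold(password[i]);
            int step = cur - prev;
            if (!inClass(prev) || !inClass(cur) || (step != 1 && step != -1))
            {
                run = 1; direction = 0;               // run broken, start over
                continue;
            }
            run = (step == direction) ? run + 1 : 2;  // a reversal starts a new run of two
            direction = step;
            if (run >= minLength) return true;
        }
        return false;
    }

    // ASCII-only case folding (assumption: letter sequences ignore case).
    private static char Fold(char c) => (c >= 'A' && c <= 'Z') ? (char)(c + 32) : c;

    // Default length 4 mirrors the v2.0.0 defaults stated on this page.
    public static bool HasNumberSequence(string password, int length = 4) =>
        HasRun(password, length, c => c >= '0' && c <= '9');

    public static bool HasLetterSequence(string password, int length = 4) =>
        HasRun(password, length, c => c >= 'a' && c <= 'z');

    public static void Main()
    {
        // Constructed sample passwords.
        foreach (string p in new[] { "pw12345", "987654321x", "a1b2c3d4", "xAbCdy", "abd123" })
            Console.WriteLine($"{p}: digits={HasNumberSequence(p)}, letters={HasLetterSequence(p)}");
    }
}
```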
Checks if the password contains letter repetition of a set length or longer. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.LetterRepetitionLength property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of 3 or more letters.
Note:
- This check supports multiple alphabets. For more information about how we classify a letter see this reference.
- This check is not case sensitive meaning 'aAA' and 'aaa' are both classified as letter repetition of length 3.
Example letter repetition: aAAA or bbbb
Checks if the password contains symbol repetition of a set length or longer. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.SymbolRepetitionLength property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of exactly 3 symbols.
For more information about how we classify a letter see this reference.
Example symbol repetition of length 4: //// or @@@@
There are three main ways to install EzPasswordValidator:
First create a validator. The constructor is overloaded and can take CheckTypes.
var validator = new PasswordValidator(CheckTypes.Letters | CheckTypes.Numbers | CheckTypes.Length);
This example shows the creation of a validator that checks that a password contains letters, numbers and is within the set length bounds (default length bounds, since they are not explicitly set).
The Validate method runs through all the set checks and returns true if the password is valid according to the set criteria and false otherwise.
bool isValid = validator.Validate(password);
Partial criteria matching
Partial criteria matching is a feature that allows a password to be validated even if only a subset of the checks pass. For example, if you add the check for letters, the check for numbers, and the check for upper and lower case, then you can pass a value of 2 to the validator indicating that the password is only required to pass two of these three checks. A password with letters and numbers, but no upper case, is then still valid. You can also provide a value between 0 and 1 representing the percentage of checks that must pass.
bool isValid = validator.Validate(password, 2); // Two tests must pass for the password to be valid.
bool isValid = validator.Validate(password, 0.5); // 50% of the tests must pass for the password to be valid.
Failed checks
One can iterate over the checks that failed by doing the following:
foreach (Check failedCheck in validator.FailedChecks)
{
}
Passed checks
One can iterate over the checks that passed by doing the following:
foreach (Check passedCheck in validator.PassedChecks)
{
}
Add single predefined check
validator.AddCheck(CheckTypes.LetterSequence);
Add custom check
Custom checks can be added in two ways:
- Anonymous method
- Create a class that inherits EzPasswordValidator.Checks.CustomCheck
validator.AddCheck(nameof(MyCustomCheck), MyCustomCheck);
//or
validator.AddCheck("MyCustomCheckTag", psw => psw.Length > 8);
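An added example (not from the project's own documentation) that keeps the two NIST requirements listed above, length and a blocklist, as mandatory checks and confines partial criteria matching to optional composition checks. It uses only the calls shown on this page; the `using` namespace for `CheckTypes` and `Check`, the `PasswordPolicy` class, the check tag and the sample blocklist are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using EzPasswordValidator.Checks;      // assumed namespace of CheckTypes and Check
using EzPasswordValidator.Validators;

public static class PasswordPolicy     // hypothetical wrapper class
{
    // Constructed sample blocklist; a real one is loaded from a corpus of
    // commonly used or compromised passwords.
    private static readonly HashSet<string> Blocklist =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "password", "12345678", "qwertyuiop", "letmein123" };

    // Mandatory checks. Validate(password) is called without a threshold,
    // so every one of them has to pass.
    private static PasswordValidator BuildRequired()
    {
        var validator = new PasswordValidator(CheckTypes.Length);
        validator.SetLengthBounds(8, 128);
        validator.AddCheck("NotOnBlocklist", psw => !Blocklist.Contains(psw));
        return validator;
    }

    // Optional composition checks. Length is deliberately not in this set:
    // with a threshold of 2, a password passes when any two checks pass,
    // so a too-short password could otherwise still be accepted.
    private static PasswordValidator BuildOptional() =>
        new PasswordValidator(CheckTypes.Letters | CheckTypes.Numbers | CheckTypes.Symbols);

    public static bool IsAcceptable(string password)
    {
        PasswordValidator required = BuildRequired();
        if (!required.Validate(password))
        {
            foreach (Check failed in required.FailedChecks)
                Console.WriteLine($"required check failed: {failed}");
            return false;
        }
        return BuildOptional().Validate(password, 2);
    }
}
```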
Add multiple checks
Multiple checks can be added at once as the CheckTypes are bit flags. See CheckTypes for a reference.
Add multiple checks by using bitwise OR:
validator.AddCheck(CheckTypes.NumberSequence | CheckTypes.LetterSequence);
This adds both the number sequence check and the letter sequence check.
Add multiple checks by using an integer value:
validator.AddCheck(288);
Here the number sequence (binary: 100000) and letter sequence (binary: 100000000) checks are added as the combined binary value is 100100000 which is the same as 288 in base 10.
There are also two predefined combinations: basic and advanced. Basic contains length check, numbers check, letters check, symbols check, and upper-lower-case check. Advanced contains all checks. These can be added by doing either of the following:
validator.AddCheck(CheckTypes.Basic);
validator.AddCheck(CheckTypes.Advanced);
validator.RemoveCheck(CheckTypes.Symbols);
validator.RemoveCheck(1); // 1 represents the length check
validator.RemoveCheck("MyCustomCheckTag"); // Removes the custom check with the given tag
We welcome all contributions; please see the contribution guidelines.
This project is licensed under the MIT License - see LICENSE.md for details.