A .NET standard library for advanced password validation.

havardt/PasswordValidator

Warning
This package has been deprecated as it is no longer maintained.

PasswordValidator

A .NET standard library for easy password validation. This library defines 11 predefined checks and an easy way to implement custom checks.

Checks

There are 11 predefined checks, each representing a password criterion. Each check type is defined as a bit flag, so a combination of checks can be referenced using a single integer. All predefined check types are defined here.

NIST Special Publication 800-63B
The following are the key takeaways from these guidelines:

  • SHALL ensure that passwords are at least 8 characters in length and MAY all be numeric.
  • SHALL permit passwords at least 64 characters in length.
  • SHALL disallow passwords that appear on a blacklist of commonly-used or compromised values.
  • SHOULD not enforce any other constraints.

Length check (CheckTypes.Length)

Checks if the given password is equal to or longer than the required minimum length and equal to or shorter than the maximum allowed length.

Default minimum length: 8     
Default maximum length: 128

Changing length bounds example:

validator.MinLength = 10;
validator.MaxLength = 256;

//OR

validator.SetLengthBounds(10, 256);

Check for numbers (CheckTypes.Numbers)

Checks that the password contains at least one digit.

Check for letters (CheckTypes.Letters)

Checks that the password contains at least one letter. This check supports multiple alphabets. For more information about how we classify a letter, see this reference.

Check for symbols (CheckTypes.Symbols)

Checks that the password contains at least one symbol.

Case check (CheckTypes.CaseUpperLower)

Checks that the password contains at least one upper- and lower-case letter. This check supports multiple alphabets. For more information about how we classify a letter, see this reference.

Check for number sequences (CheckTypes.NumberSequence)

Checks if the password contains a number series/sequence equal to or longer than the set length. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.NumberSequenceLength property (from v2.0.0). By default this has the following values:

Default number sequence length (version < 2.0.0): 3
Default number sequence length (version >= 2.0.0): 4

Both increasing sequences and decreasing sequences are checked.

Example number sequence: 12345  or  987654321

Check for number repetition (CheckTypes.NumberRepetition)

This type has been replaced with digit repetition from v2.0.0

Checks if the password contains number repetition equal to or longer than 3 in a row.

Example number repetition: 444  or  222

Check for digit repetition (CheckTypes.DigitRepetition) - New in v2.0.0

Checks if the password contains digit repetition equal to or longer than the set length. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.DigitRepetitionLength property. By default this has the following values:

Default digit repetition length: 4

Example digit repetition: 4444  or  2222

Check for number location (CheckTypes.NumberMixed)

Checks that the password's digits are not located only at the front and/or end of the password. To pass this check, the password must have a non-digit character both before and after a digit character; only one digit needs to match this pattern.

Example invalid password: 2password   |  password2
Example valid   password: 2pass9word  |  p6ssword

Check for letter sequences (CheckTypes.LetterSequence)

Checks if the password contains an alphabetical letter sequence consisting of a set amount of letters or more. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.LetterSequenceLength property (from v2.0.0). By default this has the following values:

Default letter sequence length: 4

Note: this check currently only supports ISO basic latin alphabet (A-Z a-z).

Example letter sequence: abcd or bcde

For versions prior to v2.0.0, two three-letter sequences were also checked for: abc and xyz.

Check for letter repetition (CheckTypes.LetterRepetition)

Checks if the password contains letter repetition of a set length or longer. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.LetterRepetitionLength property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of 3 or more letters.

Note:

  • This check supports multiple alphabets. For more information about how we classify a letter, see this reference.
  • This check is not case sensitive, meaning 'aAA' and 'aaa' are both classified as letter repetition of length 3.

Example letter repetition: aAAA  or  bbbb

Check for symbol repetition (CheckTypes.SymbolRepetition)

Checks if the password contains symbol repetition of a set length or longer. This length can be updated by setting the EzPasswordValidator.Validators.PasswordValidator.SymbolRepetitionLength property (from v2.0.0). Prior to v2.0.0 this check had hardcoded a repetition of exactly 3 symbols.

For more information about how we classify a letter, see this reference.

Example symbol repetition of length 4: ////  or  @@@@

Install

There are three main ways to install EzPasswordValidator:

  • NuGet (Recommended)
  • Download .dll from releases
  • Manually build .dll from source

Usage

First create a validator. The constructor is overloaded and can take CheckTypes.

var validator = new PasswordValidator(CheckTypes.Letters | CheckTypes.Numbers | CheckTypes.Length);

This example shows the creation of a validator that checks that a password contains letters and numbers and is within the set length bounds (the default length bounds, since they are not explicitly set).

Validate

The Validate method runs through all the set checks and returns true if the password is valid according to the set criteria and false otherwise.

bool isValid = validator.Validate(password);

Partial criteria matching
Partial criteria matching is a feature that allows a password to be validated even if only a subset of the checks pass. For example, if you add the check for letters, the check for numbers, and the check for upper and lower case, then you can pass a value of 2 to the validator, indicating that the password is only required to pass two of these three checks. A password with letters and numbers but no upper case is then still valid. You can also provide a value between 0 and 1 representing the percentage of checks that must pass.

bool isValid = validator.Validate(password, 2); // Two tests must pass for the password to be valid.
isValid = validator.Validate(password, 0.5); // 50% of the tests must pass for the password to be valid.

Failed checks
One can iterate over the checks that failed by doing the following:

foreach (Check failedCheck in validator.FailedChecks)
{
    // Handle the failed check, e.g. tell the user which criterion was not met.
}

Passed checks
One can iterate over the checks that passed by doing the following:

foreach (Check passedCheck in validator.PassedChecks)
{
    // Handle the passed check, e.g. mark the criterion as satisfied.
}

Add checks

Add single predefined check

 validator.AddCheck(CheckTypes.LetterSequence);

Add custom check
Custom checks can be added in two ways:

  1. Anonymous method
  2. Create a class that inherits EzPasswordValidator.Checks.CustomCheck

validator.AddCheck(nameof(MyCustomCheck), MyCustomCheck);
//or
validator.AddCheck("MyCustomCheckTag", psw => psw.Length > 8);
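
An added example (not from the project's README or source) tying the custom-check API above to the partial criteria matching and NIST points earlier on this page. A threshold treats every check alike, so a single validator holding the length check, a blocklist check and composition checks could accept a too-short or blocklisted password under Validate(password, 2); here the mandatory rules are validated in full and only the optional composition rules use the threshold. The PasswordPolicy class, the NotOnBlocklist tag, the sample blocklist and the EzPasswordValidator.Checks namespace for CheckTypes are assumptions.

```csharp
using System;
using System.Collections.Generic;
using EzPasswordValidator.Checks;      // assumption: namespace that holds CheckTypes
using EzPasswordValidator.Validators;  // PasswordValidator

public static class PasswordPolicy
{
    // Constructed sample blocklist; a deployment would load a maintained list
    // of commonly used or compromised passwords instead.
    private static readonly HashSet<string> Blocklist =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "password", "password1", "12345678", "qwertyuiop" };

    // Mandatory rules: length bounds plus the blocklist, always validated in full.
    private static PasswordValidator CreateMandatory()
    {
        var validator = new PasswordValidator(CheckTypes.Length);
        validator.SetLengthBounds(8, 128);
        validator.AddCheck("NotOnBlocklist",
            psw => psw != null && !Blocklist.Contains(psw));
        return validator;
    }

    // Optional composition rules: any two of the three are enough.
    private static PasswordValidator CreateOptional()
    {
        return new PasswordValidator(
            CheckTypes.Letters | CheckTypes.Numbers | CheckTypes.CaseUpperLower);
    }

    public static bool IsAcceptable(string password)
    {
        // A validator keeps FailedChecks/PassedChecks on the instance,
        // so each call builds its own validators.
        return CreateMandatory().Validate(password)
            && CreateOptional().Validate(password, 2);
    }

    public static void Main()
    {
        // Constructed sample inputs: too short, blocklisted, and a longer passphrase.
        foreach (var candidate in new[] { "a1", "password1", "correct horse 42" })
        {
            Console.WriteLine(
                $"{candidate}: {(IsAcceptable(candidate) ? "accepted" : "rejected")}");
        }
    }
}
```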

Add multiple checks

Multiple checks can be added at once as the CheckTypes are bit flags. See CheckTypes for a reference.

Add multiple checks by using bitwise OR:

 validator.AddCheck(CheckTypes.NumberSequence | CheckTypes.LetterSequence);

This adds both the number sequence check and the letter sequence check.

Add multiple checks by using an integer value:

 validator.AddCheck(288);

Here the number sequence (binary: 100000) and letter sequence (binary: 100000000) checks are added, as the combined binary value is 100100000, which is the same as 288 in base 10.

There are also two predefined combinations: basic and advanced. Basic contains length check, numbers check, letters check, symbols check, and upper-lower-case check. Advanced contains all checks. These can be added by doing either of the following:

 validator.AddCheck(CheckTypes.Basic);
 validator.AddCheck(CheckTypes.Advanced);

Remove checks

validator.RemoveCheck(CheckTypes.Symbols);
validator.RemoveCheck(1); // 1 represents the length check
validator.RemoveCheck("MyCustomCheckTag"); // Removes the custom check with the given tag

Contribute

We welcome all contributions; please see the contribution guidelines.

License

This project is licensed under the MIT License - see LICENSE.md for details.