- Password Length
- Character Types
- Password Complexity
- Password History
- Encryption
- Attempts
<membership>
  <providers>
    <add
      name="AspNetSqlMembershipProvider"
      type="System.Web.Security.SqlMembershipProvider, ..."
      connectionStringName="LocalSqlServer"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      applicationName="/"
      requiresUniqueEmail="false"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      minRequiredPasswordLength="7"
      minRequiredNonalphanumericCharacters="1"
      passwordAttemptWindow="10"
      passwordStrengthRegularExpression=""
    />
  </providers>
</membership>
To control the password complexity, you'll need to set the "passwordStrengthRegularExpression" under the "AspNetSqlMembershipProvider".
I'm not great with Regular Expressions, so I turned to StackOverflow for the following password requirements:
- At least 8 Characters (up to 100)
- Must have 3 of the 4 character types (Upper, Lower, Number, Symbol)
(?=^[^\s]{8,100}$)((?=.*?\d)(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[^\w\d\s])(?=.*?[a-z])|(?=.*?[^\w\d\s])(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[A-Z])(?=.*?[^\w\d\s]))^.*
An explanation of individual components:
• (?=^[^\s]{8,100}$) - contain between 8 and 100 non-whitespace characters
• (?=.*?\d) - contains 1 numeric
• (?=.*?[A-Z]) - contains 1 uppercase character
• (?=.*?[a-z]) - contains 1 lowercase character
• (?=.*?[^\w\d\s]) - contains 1 symbol
Notice after the length segment the double parens, and later in the expression you'll see several |'s. This allows for the either/or comparison of the 4 possible combinations that are allowed.
Also, check out RAD Regex Designer, for a FREE tool to test your Regular Expression!
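As an added example (not part of the original post or the StackOverflow answer), the Python harness below runs the pattern above over constructed passwords and compares it with a spelled-out version of the same rule. It assumes Python's `re` engine treats these constructs the same way .NET does for the ASCII samples used; the function names are hypothetical.

```python
import re

# Pattern copied from the post; search() stands in for .NET's Regex.IsMatch.
PATTERN = re.compile(
    r"(?=^[^\s]{8,100}$)"
    r"((?=.*?\d)(?=.*?[A-Z])(?=.*?[a-z])"
    r"|(?=.*?\d)(?=.*?[^\w\d\s])(?=.*?[a-z])"
    r"|(?=.*?[^\w\d\s])(?=.*?[A-Z])(?=.*?[a-z])"
    r"|(?=.*?\d)(?=.*?[A-Z])(?=.*?[^\w\d\s]))^.*"
)

def regex_allows(password):
    return PATTERN.search(password) is not None

def character_classes(password):
    # Class definitions are the regex's own, so the two checks are comparable.
    tests = {
        "upper": r"[A-Z]",
        "lower": r"[a-z]",
        "digit": r"\d",
        "symbol": r"[^\w\d\s]",  # '_' is a word character, so it is NOT a symbol
    }
    return {name for name, rx in tests.items() if re.search(rx, password)}

def policy_allows(password):
    """Spelled-out rule: 8-100 non-whitespace characters, 3 of the 4 classes."""
    length_ok = 8 <= len(password) <= 100 and not re.search(r"\s", password)
    return length_ok and len(character_classes(password)) >= 3

# Constructed sample passwords (not from the post) with the expected verdict.
SAMPLES = {
    "Passw0rd": True,            # upper + lower + digit
    "pass-word1": True,          # lower + digit + symbol
    "PASSWORD1!": True,          # upper + digit + symbol
    "password1": False,          # only two classes
    "pass_word1": False,         # underscore does not count as a symbol
    "Pass word1!": False,        # whitespace is rejected outright
    "Ab1!": False,               # shorter than 8
    "Aa1" + "x" * 97: True,      # exactly 100 characters
    "Aa1" + "x" * 98: False,     # 101 characters
}

def check_samples():
    """Return samples where regex, spelled-out rule and expectation disagree."""
    return [pw for pw, expected in SAMPLES.items()
            if not (regex_allows(pw) == policy_allows(pw) == expected)]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw[:20]!r:24} regex={regex_allows(pw)} classes={sorted(character_classes(pw))}")
```

Note that "Passw0rd" satisfies the rule: the expression enforces character variety and length only, not unpredictability.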