Hi
1 - Create/find a regex to not allow any words; you can create your own here: https://txt2re.com/
2 - Save the top 350.000 words in your database/mf and check the string yourself before doing this...
3 - Find a Java developer who can get it to work using com.platinum.dpv.DictionaryPasswordValidator
Both seem not practical to me. Out of curiosity, what kind of app asks for this? Seen a lot of apps but didn't encounter this one :D
What a completely retarded requirement from the security team...
Passwords in general should be long and hard to brute force with the number of letter combinations.
A password containing several random dictionary words would be far stronger than a short string of random characters.
You_are_a_donkey_for_trying_this_password_15_X__PLZtry_again
would be near endlessly more secure than
a#%#324
Now if I would force my user to use passwords like this:
#@U*FY*(EYRH13l4HSfhafhyas89ru13ehsa7ffyswy@OU410ruahf
They will never ever remember their password, or they will make typos in it.
Which then is followed up by:
- I need to be able to look at my written password while logging in (checking the last password for typos will take you about 20 seconds, which is plenty for me to take a picture over your shoulder)
- Reset your password every time you try to log in.
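
The word-list check from suggestion 2, as an added example that is not part of the original thread, run against the passwords quoted in the reply above. The word list is a small constructed stand-in for the 350.000-word list, and the function names and the 3-letter minimum are assumptions.

```python
import re

# Constructed stand-in for the "top 350.000 words" list; a real deployment
# would load the full list from a file or a database table.
SAMPLE_WORDS = frozenset({
    "you", "are", "donkey", "for", "trying", "this", "password",
    "try", "again", "letter", "secure",
})

MIN_WORD_LEN = 3  # assumption: skip 1-2 letter words to limit false positives


def dictionary_words_in(password, words=SAMPLE_WORDS, min_len=MIN_WORD_LEN):
    """Return the listed words found in the password, sorted alphabetically.

    The password is lowercased and split into runs of letters, so digits,
    '_' and symbols act as separators. Every substring of each run is then
    looked up, which also catches words glued to other letters ('PLZtry').
    """
    found = set()
    for run in re.findall(r"[a-z]+", password.lower()):
        for start in range(len(run)):
            for end in range(start + min_len, len(run) + 1):
                if run[start:end] in words:
                    found.add(run[start:end])
    return sorted(found)


def passes_no_dictionary_rule(password, words=SAMPLE_WORDS):
    """True when the password contains none of the listed words."""
    return not dictionary_words_in(password, words)


if __name__ == "__main__":
    # The three passwords quoted in the thread.
    for candidate in (
        "You_are_a_donkey_for_trying_this_password_15_X__PLZtry_again",
        "a#%#324",
        "#@U*FY*(EYRH13l4HSfhafhyas89ru13ehsa7ffyswy@OU410ruahf",
    ):
        hits = dictionary_words_in(candidate)
        verdict = "rejected" if hits else "accepted"
        print(f"{verdict}: {candidate!r} {hits}")
```

Under this rule the 60-character passphrase is rejected and the 7-character `a#%#324` is accepted, which is the outcome the reply objects to.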