Validate Password to not contain a dictionary word

0
I have a requirement to not allow any dictionary words in the password. I tried using the "com.platinum.dpv.DictionaryPasswordValidator" jar file, but it is not working as expected. It's returning false when the word is not present in the dictionary, and it's converting the password to lowercase and then searching for it, which is wrong. I didn't understand the code in the jar file, so I couldn't change it. Has anyone implemented this already? If yes, please tell me the approach.
asked
2 answers
0

Hi

1 - create/find a regex to not allow any words; you can create your own here: https://txt2re.com/

2 - save the top 350.000 words in your database/mf and check the string by yourself before doing this...

3 - find a Java developer who can get it to work using com.platinum.dpv.DictionaryPasswordValidator

Both seem not practical to me. Out of curiosity, what kind of app asks for this? Seen a lot of apps but didn't encounter this one :D

answered
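The word-list lookup suggested in step 2 of the answer above, sketched as an added example; it is not code from this thread or from the com.platinum.dpv library. It scans every substring of the password against an in-memory word set and skips very short words, which would otherwise reject almost any password once the list holds hundreds of thousands of entries. The class name, the `MIN_WORD_LENGTH` threshold, the case-insensitive matching and the sample words are assumptions of this example.

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

public class DictionaryWordCheck {
    // Words shorter than this are ignored; otherwise entries such as "a" or "at"
    // would reject almost every password. The threshold is an assumption.
    private static final int MIN_WORD_LENGTH = 4;

    private final Set<String> words;
    private final int maxWordLength;

    public DictionaryWordCheck(List<String> dictionary) {
        // Keep a lowercase copy of each usable word for constant-time lookups.
        this.words = dictionary.stream()
                .map(w -> w.trim().toLowerCase(Locale.ROOT))
                .filter(w -> w.length() >= MIN_WORD_LENGTH)
                .collect(Collectors.toSet());
        this.maxWordLength = words.stream().mapToInt(String::length).max().orElse(0);
    }

    /** Returns the first dictionary word found inside the password, if any. */
    public Optional<String> findWord(String password) {
        // Only this local copy is lowercased; the password itself keeps its case.
        String p = password.toLowerCase(Locale.ROOT);
        for (int start = 0; start + MIN_WORD_LENGTH <= p.length(); start++) {
            int longest = Math.min(p.length(), start + maxWordLength);
            for (int end = start + MIN_WORD_LENGTH; end <= longest; end++) {
                String candidate = p.substring(start, end);
                if (words.contains(candidate)) {
                    return Optional.of(candidate);
                }
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample dictionary; a real list would be loaded from a file or table.
        DictionaryWordCheck check = new DictionaryWordCheck(
                List.of("a", "at", "donkey", "password", "again"));
        for (String pw : List.of("My_PassWord_15", "a#%#324", "xDonKEY99", "Qat7!zR")) {
            System.out.println(pw + " -> " + check.findWord(pw).orElse("no dictionary word"));
        }
    }
}
```

With the constructed inputs, `My_PassWord_15` and `xDonKEY99` are flagged for `password` and `donkey`, while `a#%#324` and `Qat7!zR` pass because `a` and `at` fall below the length threshold.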
0

What a completely retarded requirement from the security team...

Passwords in general should be long and hard to brute force with the number of letter combinations.

A password containing several random dictionary words would be far stronger than a short string of random characters.

You_are_a_donkey_for_trying_this_password_15_X__PLZtry_again

would be near endlessly more secure than

a#%#324

Now if I would force my user to use passwords like this:

#@U*FY*(EYRH13l4HSfhafhyas89ru13ehsa7ffyswy@OU410ruahf

They will never ever remember their password or make typos in it.

Which then is followed up by:

- I need to be able to look at my written password during logging in (checking the last password for typos will take you about 20 seconds which is plenty for me to take a picture over your shoulder)

- Reset your password every time you try to log in.

answered