Magento – Password Requirements Complexity

Tags: javascript, magento-1.9, magento-enterprise, password, security

I would like to increase password security for customer and admin accounts in Magento. In addition to a minimum password length, passwords should contain uppercase, lowercase, special characters, and digits.

I found the JavaScript file that controls the validation. Path: js/prototype/validation.js (screenshot and code attached).
What is the appropriate code to add?

    ['validate-password', 'Please enter 8 or more characters. Leading or trailing spaces will be ignored.', function(v) {
        var pass = v.strip(); /* strip leading and trailing spaces */
        return !(pass.length > 0 && pass.length < 8);
    }],
    ['validate-admin-password', 'Please enter 7 or more characters. Password should contain both numeric and alphabetic characters.', function(v) {
        var pass = v.strip();
        if (0 == pass.length) {
            return true;
        }
        if (!(/[a-z]/i.test(v)) || !(/[0-9]/.test(v))) {
            return false;
        }
        return !(pass.length < 7);
    }],

Thank you in advance for your help.

Best Answer

You can use the regular expression below.

(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[0-9a-zA-Z]{8,}$/)

The explanation of this expression is:

(/^
(?=.*\d)                //should contain at least one digit
(?=.*[a-z])             //should contain at least one lower case
(?=.*[A-Z])             //should contain at least one upper case
[a-zA-Z0-9]{8,}         //should contain at least 8 from the mentioned characters
$/)

You can replace the line

 return !(pass.length>0 && pass.length < 8);

with

    if (!(/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])([a-zA-Z0-9]{8,})$/.test(pass))) {
        return false;
    }
    return true;

And change the error message to match the expression. You can do the same for the admin password.

For special characters you can use the regular expression below.

Minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character from among these: $@$!%*?&#^

"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&#^])([A-Za-z\d$@$!%*?&#^]{8,})$"

You can use it like this:

if (!(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&#^])([A-Za-z\d$@$!%*?&#^]{8,})$/.test(pass))) {
    return false;
}
return true;
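
An alternative to the whitelist regex above, as an added example (not part of the original answer and not Magento core code): it tests each character class separately, so a password containing a character outside `$@$!%*?&#^`, such as a hyphen, is not rejected. The names `failedPasswordRules` and `validateStrongPassword`, and the definition of "special" as any non-alphanumeric character, are assumptions.

```javascript
// Added example, not Magento core code. Function and variable names are hypothetical.
// Each character class is tested on its own, so no character is forbidden.
var PASSWORD_RULES = [
    { name: 'length',  test: function (p) { return p.length >= 8; } },
    { name: 'lower',   test: function (p) { return /[a-z]/.test(p); } },
    { name: 'upper',   test: function (p) { return /[A-Z]/.test(p); } },
    { name: 'digit',   test: function (p) { return /[0-9]/.test(p); } },
    // Assumption: "special" means any character that is not an ASCII letter or digit.
    { name: 'special', test: function (p) { return /[^A-Za-z0-9]/.test(p); } }
];

// Returns the names of the rules the password fails (empty array = acceptable).
function failedPasswordRules(value) {
    var pass = String(value).replace(/^\s+|\s+$/g, ''); // same effect as Prototype's strip()
    return PASSWORD_RULES.filter(function (rule) {
        return !rule.test(pass);
    }).map(function (rule) { return rule.name; });
}

// Validator body in the shape validation.js expects: function(v) -> boolean.
// An empty value passes, as in the stock validators (the required check is separate).
function validateStrongPassword(v) {
    var pass = String(v).replace(/^\s+|\s+$/g, '');
    return pass.length === 0 || failedPasswordRules(pass).length === 0;
}

// The whitelist regex from the answer above, for comparison.
var ANSWER_REGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&#^])([A-Za-z\d$@$!%*?&#^]{8,})$/;

// Constructed sample passwords.
var samples = ['Passw0rd!', 'Correct-Horse_7', 'alllowercase', 'Sh0rt!'];
samples.forEach(function (s) {
    console.log(s, '| answer regex:', ANSWER_REGEX.test(s),
        '| per-class:', validateStrongPassword(s), failedPasswordRules(s));
});
```

validation.js runs in the browser, so this check only guides the user; the same rule has to be enforced on the server when the password is saved.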