Last updated
Configuring Validation Rules
Set up rules and test passwords against them in real time:
Rules configured:
✓ Minimum length: 12 characters
✓ Maximum length: 128 characters
✓ Require uppercase: at least 1
✓ Require lowercase: at least 1
✓ Require digits: at least 1
✓ Require special characters: at least 1
✓ Block common passwords: enabled
✓ Block username in password: enabled
Test password: "MyPassword123!"
✓ Length: 14 characters (≥12)
✓ Uppercase: M, P (≥1)
✓ Lowercase: y, assword (≥1)
✓ Digits: 1, 2, 3 (≥1)
✓ Special: ! (≥1)
✗ Common password: "password" detected as substring
Result: INVALID
Generated JavaScript Validation Function
The validator generates ready-to-use code:
function validatePassword(password, username = '') {
const errors = [];
// Length check
if (password.length < 12) {
errors.push('Password must be at least 12 characters long');
}
if (password.length > 128) {
errors.push('Password must not exceed 128 characters');
}
// Character type checks
if (!/[A-Z]/.test(password)) {
errors.push('Password must contain at least one uppercase letter');
}
if (!/[a-z]/.test(password)) {
errors.push('Password must contain at least one lowercase letter');
}
if (!/[0-9]/.test(password)) {
errors.push('Password must contain at least one digit');
}
if (!/[!@#$%^&*()_+\-=\[\]{}|;:,.<>?]/.test(password)) {
errors.push('Password must contain at least one special character');
}
// Username check
if (username && password.toLowerCase().includes(username.toLowerCase())) {
errors.push('Password must not contain your username');
}
// Common password check
const commonPasswords = ['password', '123456', 'qwerty', /* ... */];
if (commonPasswords.some(p => password.toLowerCase().includes(p))) {
errors.push('Password is too common or contains a common word');
}
return {
valid: errors.length === 0,
errors
};
}
Real-Time UI Feedback Component
Generated HTML/CSS/JS for a password requirements checklist:
<div class="password-requirements">
<p>Password must:</p>
<ul>
<li id="req-length" class="requirement">Be at least 12 characters</li>
<li id="req-upper" class="requirement">Contain an uppercase letter</li>
<li id="req-lower" class="requirement">Contain a lowercase letter</li>
<li id="req-digit" class="requirement">Contain a digit</li>
<li id="req-special" class="requirement">Contain a special character</li>
</ul>
</div>
<style>
.requirement { color: #dc2626; }
.requirement.met { color: #16a34a; }
.requirement.met::before { content: '✓ '; }
.requirement:not(.met)::before { content: '✗ '; }
</style>
<script>
document.getElementById('password').addEventListener('input', function() {
const p = this.value;
document.getElementById('req-length').classList.toggle('met', p.length >= 12);
document.getElementById('req-upper').classList.toggle('met', /[A-Z]/.test(p));
document.getElementById('req-lower').classList.toggle('met', /[a-z]/.test(p));
document.getElementById('req-digit').classList.toggle('met', /[0-9]/.test(p));
document.getElementById('req-special').classList.toggle('met', /[^A-Za-z0-9]/.test(p));
});
</script>
Generated Python Server-Side Validation
import re
def validate_password(password: str, username: str = '') -> dict:
errors = []
if len(password) < 12:
errors.append('Password must be at least 12 characters long')
if len(password) > 128:
errors.append('Password must not exceed 128 characters')
if not re.search(r'[A-Z]', password):
errors.append('Password must contain at least one uppercase letter')
if not re.search(r'[a-z]', password):
errors.append('Password must contain at least one lowercase letter')
if not re.search(r'[0-9]', password):
errors.append('Password must contain at least one digit')
if not re.search(r'[!@#$%^&*()_+\-=\[\]{}|;:,<>?]', password):
errors.append('Password must contain at least one special character')
if username and username.lower() in password.lower():
errors.append('Password must not contain your username')
return {'valid': len(errors) == 0, 'errors': errors}
HTML5 Pattern Attribute
Generated regex for use in HTML form validation:
<!-- Pattern: min 12 chars, at least one of each: upper, lower, digit, special -->
<input
type="password"
name="password"
pattern="^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[!@#$%^&*]).{12,128}$"
title="Password must be 12-128 characters with uppercase, lowercase, digit, and special character"
required
>
Note: HTML5 pattern validation is client-side only and can be bypassed. Always validate server-side as well.
Testing Edge Cases
Verify your rules handle boundary conditions correctly:
Test cases and expected results:
"Aa1!" (4 chars) → FAIL: too short
"Aa1!Aa1!Aa1!" (12 chars) → PASS: exactly minimum length
"Aa1!Aa1!Aa1!A" (13 chars) → PASS: above minimum
"A".repeat(129) (129 chars) → FAIL: too long
"ALLUPPERCASE1!" → FAIL: no lowercase
"alllowercase1!" → FAIL: no uppercase
"NoDigitsHere!!" → FAIL: no digits
"NoSpecialChars1A" → FAIL: no special chars
"password123A!" → FAIL: contains "password"
"john_doe_Pass1!" (username=john_doe) → FAIL: contains username
"JOHN_DOE_Pass1!" (username=john_doe) → FAIL: case-insensitive check
Minimum Count Requirements
Requiring multiple instances of each character type:
// Stricter policy: require at least 2 of each type
function validateStrict(password) {
const upperCount = (password.match(/[A-Z]/g) || []).length;
const lowerCount = (password.match(/[a-z]/g) || []).length;
const digitCount = (password.match(/[0-9]/g) || []).length;
const specialCount = (password.match(/[^A-Za-z0-9]/g) || []).length;
return {
valid: upperCount >= 2 && lowerCount >= 2 && digitCount >= 2 && specialCount >= 2,
counts: { upperCount, lowerCount, digitCount, specialCount }
};
}
// "Aa1!" → FAIL (only 1 of each)
// "AAaa11!!" → PASS (2 of each)