Internet scammers steal millions of passwords from mailboxes and user accounts every day. But do not despair - we will give some very simple but effective tips that will protect you from losing control of your resources.
For those who prefer to watch, we have prepared a video version of this article:
1. Use complex passwords
You guessed right? Pardon the banality, but this main advice- which is still neglected by most users. No wonder passwords like qwerty remain in the top of the most popular to this day.
Do not use the names of your favorite heroes, the name of a football club or the name of a pet as a password, as this information is easy to find on your social networks. A complex password should consist of an arbitrary combination of various characters and symbols.
2. Use upper and lower case letters, numbers and symbols
, users do not like long passwords - they are easy to forget and too lazy to type. An 8-character password was considered secure only in the early days of computers; Today, an eight-digit combination is mechanically selected in a couple of hours.
However, even a short password (up to 8 characters) can be made relatively strong by using numbers and letters in different cases. It will take 2-3 days to select such a password.
Maximum strength is achieved by simply increasing the length of the password and using different characters ($, %, &, '', #), in those services where possible.
3. Use acronyms
Choose a phrase you won't forget and use a combination of the first letters of each word as your password. For example, the poem of 1828 "At Lukomorye there is a green oak, a golden chain on that oak ..." turns into ULdzzcndt1828.
4. Use with keyword
Pick a keyword and mix it with the title of every site you have Account. For example, for keyword"antivirus" password on the site will look like this: c a l n u t b i e v s i e r t u n s od32. The advantage of this trick is that you will have a strong password for every site.
As suggested in the comments, this method can fail if the site address changes - however, in this case, it is enough to use auto-recovery of the password.
5. Don't use the same password for multiple accounts
Like a real artist, be original. Remember that different sites have different levels of security. For example, most services send passwords via e-mail through the password recovery process. Having obtained a password from an insecure service, hackers can try to use it for your mail or social networks - the same password will become the key to all your resources.
You can reduce risks only by using unique complex passwords for all accounts.
6. Change passwords more often
In the case of the theft of Mail.ru passwords, 99.982% of all passwords turned out to be irrelevant. This was largely due to the fact that most of the database of stolen accounts was compiled from a number of other databases.
However, in the case of 57 million addresses (that's how many records were in the leaked database), this is not enough - can you guarantee that your Mail.Ru mailbox has not been compromised by intruders? Moreover, this is just one example of a leaked database - we do not know how many millions of current addresses are walking through the hands of hackers today.
But we know for sure that there would be much fewer of them if users changed passwords regularly.
7. Use a password manager
How not to forget the password from the VKontakte account, mailbox and internet banking? Few people can remember dozens of complex passwords. This is fine.
Fortunately the developers software came up with a solution. Today, there are many tools that help users securely store an unlimited number of the most complex passwords. For example, you can use the most popular - LastPass or 1Password.
However, password managers have their weaknesses. The most important accounts through which you can access your banking information should not be trusted even by the most reliable programs.
8. Don't Forget the "Secret Question"
In tip #1, we recommended not using data that can be easily found out about you from social networks as a password. The same applies to "secret questions", which for some reason many people forget or do not attach importance to them. In addition, attackers can easily pick up an answer from a database of popular options.
Try using the absurd tactic when the answer has nothing to do with the secret question. Mother's Maiden Name? Aspirin! Name of the pet? 1989!
9. Use two-factor authentication
To minimize the risk of a credential leak, use two-factor authentication wherever possible.
Most social networks, postal and banking services allow you to enable confirmation of authorization by SMS. Thus, scammers will not be able to access your account if they do not have your mobile phone in their hands.
So, if you have a Yandex account, we recommend using the Yandex.Key two-factor authentication function:
10. Antivirus is our everything
Passwords do not just get to hackers, do not float away to them through the air (except for the usual fraud, when users themselves give criminals passwords for their services).
Personal data is collected and sent to hackers by quite specific malware, which by hook or by crook tend to get on your PC, laptop or smartphone.
Therefore, installing a reliable antivirus with (and regularly updating the databases) is one of the main ways to save your money, nerves and privacy.
The password generator generates passwords in real time. The created passwords are not saved anywhere and are displayed only on your device (PC, tablet or smartphone).
Each time you change the settings, click the "Generate" button, or reload the page, new passwords are generated.
"By default" for generating passwords, English lowercase and uppercase letters, numbers and some special characters are used. To change the list of characters, use the "Password Generator Settings"
Password length
The password generator generates passwords from 5 to 30 characters long. Initially generated passwords are 10 characters long. In general, it is not recommended to use passwords shorter than 7 characters. The use of longer passwords is recommended for stronger protection against hacking, but is likely to be inconvenient to save or remember.
English and Russian letters
Traditionally, English (Latin) letters are used for passwords, however, Russian letters can also be used. Russian letters greatly increase the complexity of passwords when trying to brute-force, but be careful, some systems may not support passwords that include Cyrillic. It is recommended to check first.
Numbers
Numbers in the password must be required. The presence of numbers in the password improves the quality of the password, while passwords with numbers are easier to remember.
Special symbols
Passwords containing special characters are the most resistant to hacking. Many systems during registration require that the password must include service characters. We recommend that you do not neglect the use of such characters and include them in the generated password.
Russian characters similar to English and English characters similar to Russian
If you use both English and Russian letters when using an online password generator, you may encounter the problem of visual "similarity" of some English and Russian characters. Letters such as A and A, B and B, C and C, E and E (a, ai, ve, bi, es, si, e, and) are different letters, although they look the same. In order to avoid confusion when using passwords later, use the corresponding settings item.
Eliminate vowels or exclude consonants
Use these advanced settings items if you want to exclude vowels or consonants when generating passwords.
Exclude similar characters
Look at the symbols I, l, 1, | (ay, el, unit, vertical bar). Such letters, symbols, and numbers are very similar in spelling, so errors can occur when saving and then using the password. In order to exclude such errors, use this setting item.
List of symbols used
The list window of used characters of the password generator contains all the characters from which passwords are composed, taking into account the current settings. The list can be edited - delete unnecessary and add the characters you need. When deleting or adding characters in the list editing window, new passwords are automatically generated, taking into account the changes made.
Reset settings
All settings made while using the password generator are automatically stored in the memory (cookies) of your browser. Settings are saved, but not passwords! As mentioned above, new passwords are generated every time. In order to reset the settings to their original state, use the "Reset settings" link. When resetting, new passwords are automatically generated based on the original settings.
Link to password generator
If you want to send a link to the "Password Generator" to a friend or publish in in social networks, copy the address from the special window located at the bottom of the generator case. Along with the link, the settings you have chosen are also transmitted.
Conditions: 1] Min 1 special character. 2] Min 1 number. 3] Min 8 characters or MoreUse the following Regex to meet the following conditions:
Regex: ^(?=.*\d)(?=.*[#$@!%&*?])(8,)$
Can test online: https://regex101.com
I want a regex to check that:
The password is at least eight characters long, including at least one number, and includes both lowercase and uppercase letters and special characters, such as # ? , ! ,
It cannot be your old password or contain your username, "password" or "websitename"
And here is my validation expression which is for eight characters including one uppercase letter, one lowercase letter and one number or special character.
(?=^.(8,)$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*)(?=.* ).*$"
How can I write it for password, must be eight characters including one capital letter, one special character and alphanumeric characters ?
@ClasG already suggested:
^(?=\S*)(?=\S*)(?=\S*\d)(?=\S*[^\w\s])\S(8,)$
but it doesn't accept _ (underscore) as a special character (like Aa12345_).
Improved:
^(?=\S*)(?=\S*)(?=\S*\d)(?=\S*([^\w\s]|[_]))\S(8,) $
In Java/Android, to check a password with at least one number, one letter, one special character in the following pattern:
"^(?=.*)(?=.*\\d)(?=.*[$@$!%*#?&])(8,)$"
According to your need, this model should work fine. Try it,
^(?=(.*\d)(1))(.*\S)(?=.*)(8,)
Just create a string variable, assign a template and create boolean method, which returns true if the pattern is valid, false otherwise.
String pattern = "^(?=(.*\d)(1))(.*\S)(?=.*)(8,)"; String password_string = "Type the password here" private boolean isValidPassword(String password_string) ( return password_string.matches(Constants.passwordPattern); )
Import the jquery.validate.min.js JavaScript file.
You can use this method:
$.validator.addMethod("pwcheck", function (value) ( return /[\@\#\$\%\^\&\*\(\)\_\+\!]/.test(value) && //.test(value) && //.test(value) && //.test(value) ));
Hope below works. I have tried this in an Azure custom policy.
(? =. ) (? =. ) (? =. \d)(?=. [@ # $% ^ & * -_ + = {} | \: ",? / ~"();!])({}|\\:",?/ ~" (); ] |. (?! @)) {6,16} $
Not directly answering the question, but does it really have to be a regular expression?
I have used a lot of Perl and am used to solving problems with regular expressions. However, as they get more complex with all the looks and other quirks, you need to write dozens of unit tests to kill all those little bugs.
Also, a regex is usually several times slower than an imperative or functional solution.
For example, the following (not very FP) Scala function solves the original question about three times faster than the most popular answer's regular expression. What it does is also so clear that you don't need a unit test:
Def validatePassword(password: String): Boolean = ( if (password.length< 8) return false var lower = false var upper = false var numbers = false var special = false password.foreach { c =>if (c.isDigit) numbers = true else if (c.isLower) lower = true else if (c.isUpper) upper = true else special = true ) lower && upper && numbers && special )
Try it:
^.*(?=.{8,})(?=.*)(?=.*)(?=.*[@#$%^&+=])*$
This regex works great for me.
Function myFunction() ( var str = "c1TTTTaTTT@"; var patt = new RegExp("^.*(?=.(8,))(?=.*)(?=.*)(?=.*[ @#$%^&+=])*$"); var res = patt.test(str); console.log("Is regular matches:", res); )
Simply we can do it using HTML5.
Use below code in template attribute,
Pattern="(?=^.(8,)$)((?=.*\d)(?=.*\W+))(?![.\n])(?=.*)(?= .*).*$"
It will work great.
Regular expressions don't have an AND operator, so it's pretty hard to write a regular expression that matches valid passwords when the validity is defined by something AND something else AND something else...
But regular expressions have an OR operator, so just apply DeMorgan's theorem and write a regular expression that matches invalid passwords:
Anything less than eight characters OR anything without numbers OR nothing but uppercase OR OR nothing, no lowercase letters OR nothing except special characters.
^(.(0,7)|[^0-9]*|[^A-Z]*|[^a-z]*|*)$
If something matches that, then it's an invalid password.
The solution I found in one of the previous answers:
Minimum 8 characters, at least 1 alphabetic alphabet, 1 lowercase alphabet, 1 number and 1 special character: "^(?=. ) (? =. ) (? =. \d)(?=. [ $ @ $!% ? &]) {8,} "
Doesn't work for me, but the following is a simplified version and works fine (add any special character you like, I've added # here) and add the number rule just like you did with letters:
"^(?=.*)(?=.*)(?=.*)(?=.*[$@$!%*?&]){8,}"
I would answer Peter Mortensen, but I don't have enough reputation.
His expressions are ideal for each of the specified minimum requirements. The problem with his expressions that don't require special characters is that they don't have special characters either, and also provide maximum requirements, which I don't believe the OP's request. Usually you want your users to make their password as strong as they want; why restrict strong passwords?
So, his "at least eight characters, at least one letter and one number":
^(?=.*)(?=.*\d)(8,)$
reaches the minimum requirement, but other characters can be only letter and numbers. To allow (but not require) special characters, you should use something like:
^(?=.*)(?=.*\d).(8,)$ to allow any characters
^(?=.*)(?=.*\d)(8,)$ to allow special special characters
Likewise, "A minimum of eight characters, at least one uppercase letter, one lowercase letter, and one number:
^(?=.*)(?=.*)(?=.*\d)(8,)$
corresponds to this minimum requirement, but allows only letters and numbers. Usage:
^(?=.*)(?=.*)(?=.*\d).(8,)$ to allow any characters
^(?=.*)(?=.*)(?=.*\d)(8,) to allow special special characters.
Use the following Regex to satisfy the below conditions: Conditions: 1] Min 1 uppercase letter. 2] Min 1 lowercase letter. 3] Min 1 special character. 4] Min 1 number. 5] Min 8 characters. 6] Max 30 characters. Regex: /^(?=.*)(?=.*)(?=.*\d)(?=.*[#$@!%&*?])(8,30)$/
I need a regex to test this:
The password is at least eight characters long, including at least one number, and includes both lowercase and uppercase letters and special characters such as # , ? , ! .
It cannot be your old password or contain your username, "password" or "websitename"
And here is my validation expression, which is for eight characters, including one uppercase letter, one lowercase letter, and one number or special character.
(?=^.(8,)$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*)(?=.* ).*$"
How can I write it for the password to be eight characters including one capital letter, one special character and alphanumeric characters ?
javascript asp.net regex
877
Minimum eight characters, at least one letter and one number:
"^(?=.*)(?=.*\d)(8,)$"
Minimum eight characters, at least one letter, one number and one special character:
"^(?=.*)(?=.*\d)(?=.*[@$!%*#?&])(8,)$"
Minimum eight characters, at least one uppercase letter, one lowercase letter, and one number:
"^(?=.*)(?=.*)(?=.*\d)(8,)$"
Minimum eight characters, at least one uppercase letter, one lowercase letter, one number, and one special character:
"^(?=.*)(?=.*)(?=.*\d)(?=.*[@$!%*?&])(8,)$"
Minimum eight and maximum 10 characters, at least one uppercase letter, one lowercase letter, one number, and one special character:
"^(?=.*)(?=.*)(?=.*\d)(?=.*[@$!%*?&])(8,10)$"
53
Regular expressions don't have an AND operator, so it's pretty hard to write a regex that matches valid passwords when the validity is determined by something AND, something else AND, something else...
But regular expressions have an OR operator, so just apply DeMorgan's theorem and write a regex that matches invalid passwords:
Anything less than eight characters OR anything that doesn't contain numbers OR anything that does not contain capital letters OR or anything that does not contain lowercase letters OR anything that doesn't contain special characters.
^(.(0,7)|[^0-9]*|[^A-Z]*|[^a-z]*|*)$
If something matches that, then it's an invalid password.
29
Just a small improvement to @anubhava's answer: since special characters are limited to those found on the keyboard, use this for any special character:
^(?=.*?)(?=(.*)(1,))(?=(.*[\d])(1,))(?=(.*[\W])(1, ))(?!.*\s).(8,)$
This regex will apply these rules:
20
I had some difficulty following the most popular answer for my circumstances. For example, my validation failed with characters like; or [ . I wasn't interested in whitelisting my special characters, so I instead used [^\w\s] as a test - to put it simply - matching non-word characters (including numeric characters) and non-whitespace characters. To sum it up, here's what worked for me...
but it doesn't accept _(underscore) as a special character (eg. Aa12345_).
Improved one:
^(?=\S*)(?=\S*)(?=\S*\d)(?=\S*([^\w\s]|[_]))\S(8,) $
2
I found a lot of problems here, so I made my own.
Here it is in all its glory, with trials:
^(?=.*)(?=.*)(?=.*\d)(?=.*([^a-zA-Z\d\s])).(9,)$
There is something to pay attention to:
1
Simply we can do it with HTML5.
Use the below code in pattern attribute,
Pattern="(?=^.(8,)$)((?=.*\d)(?=.*\W+))(?![.\n])(?=.*)(?= .*).*$"
It will work perfectly.
1
You can use the regex pattern below to check if the password matches your expectations or not.
((?=.*\\d)(?=.*)(?=.*)(?=.*[~!@#$%^&*()]).(8,20))
1
Conditions: 1] Min 1 special character. 2] Min 1 number. 3] Min 8 characters or MoreUse the following Regex to meet the following conditions:
Regex: ^(?=.*\d)(?=.*[#$@!%&*?])(8,)$
0
In Java/Android, check password with at least one number, one letter, one special character according to the following pattern:
"^(?=.*)(?=.*\\d)(?=.*[$@$!%*#?&])(8,)$"
0
Try this:
^.*(?=.{8,})(?=.*)(?=.*)(?=.*[@#$%^&+=])*$
This regex works perfect for me.
Function myFunction() ( var str = "c1TTTTaTTT@"; var patt = new RegExp("^.*(?=.(8,))(?=.*)(?=.*)(?=.*[ @#$%^&+=])*$"); var res = patt.test(str); console.log("Is regular matches:", res); )
0
Hope below works. I tried this in a custom azure policy.
^(?=. ) (?=. ) (?=. \d)(?=. [@#$%^&*-_+={}|\:",?/ ~"();!])({}|\\:",?/ ~"();!]|.(?!@)){6,16}$
-1
The solution I found in one of the previous answers is like:
Minimum 8 characters minimum 1 uppercase alphabet, 1 lowercase alphabet, 1 number and 1 special character: "^(?=. ) (?=. ) (?=. \d)(?=. [$@$!% ?&]){8 ,}" ..
.this didn't work for me, but the following is a simplified version and works fine (add any special character you like, I've added # here) and also add a number rule like you do with letters like:
"^(?=.*)(?=.*)(?=.*)(?=.*[$@$!%*?&]){8,}"
I am new to regex. Basically I need to validate a password in Java for the following requirement: The password must be at least six characters long. The password can contain no more than 20 characters In order to...
How to make regex fit below rules only allow letters (uppercase or lowercase), numbers, dots, underscores, dashes at least 5 characters can't contain common terms or extensions...
I already use this regex: ^(6,)$ it allows: numbers, uppercase letters, lowercase letters. it forbids: spaces and special characters or characters. But I want to change it to:- allow:...
I need help creating a regex password. The password must contain at least 4 characters, letters (uppercase and lowercase), numbers and special characters - no spaces. MCH as a regular expression.
I am trying to write a regex to validate the password for a given rule. Passwords must be at least 8 characters long and contain at least 3 of the following 4 types of characters: lowercase letters (for example,...
I have to check the password so they match these rules A) the password must contain characters from 3 of the following 4 classes: English Capital letters A, B, C, ... Z English lowercase...
I need a regex that must have at least one numeric character, both upper and lower case letters are allowed, special characters are also allowed I use this...
I need a regex to validate a password with the below conditions At least 6 characters long Must contain at least 1 letter Must contain at least 1 number If the password contains special...
I have implemented a template in angular 5 with the following code in a .ts file for password validation. This must be done - support for a minimum of eight characters, at least one uppercase letter, one...
Hi I want to find a regular expression that satisfies these conditions. (1) passwords must be at least 8 characters long (2) it must contain at least uppercase, lowercase letters, numbers and...
