I have a password validation like the following r开发者_如何学Cules
- Should contains at most 15 chars and 8 chars at least
- Password should contain 2 numeral character
- There is no importance where to put the two numeral chars in start or end even if they anywhere in the password
^(?=\D*\d\D*\d).{8,15}$
The best you can do is present your user with an estimate of the strength of their password and let them shoot their own foot if they wish.
Any scheme to force people to make good passwords is doomed by the ability of people to use post-it notes.
精彩评论