In a world where the biggest security risk exists between the chair and the keyboard, weak passwords are the quickest way of allowing yourself to be hacked. A brute-force attack on an 8-character lowercase password can be done in (micro)seconds. And although you should always protect your application against these attacks (e.g. allowing three wrong password entries before suspending the account), I’ve always felt you should be “training” your end-users. Help them create strong passwords so that this specific part of security is the least of your worries when developing a web application.