0

What characters are considered safe for passwords in a ASP.NET MVC4 application? And what is the correct way to validate the value? I've been trying to use alphanumeric characters plus several simple characters. Unfortunately, I am running into problems with the RegEx not firing.

The characters I am allowing are:

!@#$%&+

The validation attribute and RegEx I am using is:

[RegularExpression(@"^[a-zA-Z0-9!@#$%&+]*$")]
Improve this question
3
  • 1
    IMO any character is safe for a password as long as it isn't modified by browsers during the POST method (which as far as I am aware is none). Why? Because most secure systems will store a hashed value, and never display the original value so it doesn't really matter as long as the user can type it. Commented Apr 30, 2014 at 22:27
  • I agree that allowing any character in the password is perfectly good, I have found that I get fewer user "password problems" If I strip the trailing whitespace from the password everytime it is entered. If a user does this intentionly, this causes no problems, but since people do see a significance significant different with trailing whitespace, they don't understand why their password is not valid. And AMEN to using a storing salted hash. Commented Apr 30, 2014 at 22:38
  • There'll be plenty of users who have awfully simple passwords, but a good number who'll choose, or want to choose, the most obscure characters permissible, and there's no reason not to let them do that. Commented Apr 30, 2014 at 22:40

1 Answer 1

Reset to default
2

What characters are considered safe for passwords in a ASP.NET MVC4 application?

All of them.

Do you have a good reason for implementing such a rule?

Encourage your users to choose a long and not-too-complex password. You can give them feedback with a password strength indicator.

While we're talking about password strength, this XKCD comic is relevant:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.