NIST recently updated their Digital Identity Guidelines in June 2017. The new guidelines specify general rules for handling the security of user-supplied passwords. Previously, passwords were suggested to have certain composition rules (special characters, numbers, etc.), hints and expiration times. Those have gone out the window and the new suggestions are as follows:

Passwords MUST
- Have an 8 character minimum
- AT LEAST 64 character maximum
- Only allow printable ASCII characters and spaces
- Not be a common password
A program to detect whether a password meets these requirements:
- Has at least 8 characters
- Has at most 64 characters
- Contains only ASCII characters
- Is not a common password

The program takes a file of newline-delimited common passwords and checks whether each password is in that file. It prints invalid passwords to the command line, printing * in place of any unprintable character.
OS - Linux
Software - Python 3.6+
$ git clone https://github.com/AdityaMunot/password_validator.git
$ bash install.sh
$ git clone https://github.com/AdityaMunot/password_validator.git
For use in development:
- Open install.sh
- Comment and uncomment the lines as follows:

    # production setup #
    # pip3 install .
    # development setup #
    pip3 install -e .

This avoids the hassle of repeatedly reinstalling the CLI tool.
$ bash install.sh
$ cat <path to input text file> | password_validator <path to common password text file>
$ cat test_file/input_passwords.txt | password_validator test_file/weak_password_list.txt
mom -> Error: Too Short
password1 -> Error: Too common
Bj**rk****oacute* -> Error: Invalid Charaters
pipi -> Error: Too Short
**** -> Error: Invalid Charaters
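A sketch of the checks described on this page, added here as an example; it is not the code from the password_validator repository. The function names, reason strings and sample data are assumptions of this example, and characters are checked before length to match the sample output above, where a four-character masked entry is reported for its characters rather than its length.

```python
import io

MIN_LEN, MAX_LEN = 8, 64  # limits as stated on this page

def load_common(stream):
    """Read newline-delimited passwords; strip only the line ending,
    because leading/trailing spaces are legal password characters."""
    return {line.rstrip("\r\n") for line in stream if line.rstrip("\r\n")}

def is_printable_ascii(ch):
    return 0x20 <= ord(ch) <= 0x7E  # space through tilde

def mask(password):
    """Replace every character outside printable ASCII with '*' for display."""
    return "".join(c if is_printable_ascii(c) else "*" for c in password)

def check(password, common):
    """Return None if acceptable, else a reason string (wording is this example's)."""
    if not all(is_printable_ascii(c) for c in password):
        return "invalid characters"
    if len(password) < MIN_LEN:
        return "too short"
    if len(password) > MAX_LEN:
        return "too long"
    if password in common:
        return "too common"
    return None

def report(passwords, common):
    """Return display lines for rejected passwords only, masked for the terminal."""
    out = []
    for pw in passwords:
        reason = check(pw, common)
        if reason:
            out.append(f"{mask(pw)} -> Error: {reason}")
    return out

# Constructed sample data, not the project's test files.
COMMON = load_common(io.StringIO("password1\n123456789\nletmein  \n"))
SAMPLE = ["mom", "password1", "Bj\u00f6rk2017!", "\u00e9\u00e9",
          "correct horse battery", "x" * 65]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE, COMMON)))
```

Masking here is per character; a tool that reads raw bytes would print one `*` per byte of a multi-byte character instead.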
Managed by Aditya Munot