Some common restrictions are: Leaving the last requirement for now, as it requires a server-side script, let's see what's possible using just client-side HTML and Java Script.While having a strong password is a good first step, it needs to be backed up by additional measures on the server that prevent brute-force attacks.Again, you can use the form below to test this regular expression: Restricting which characters can be used is not good practice as punctuation and other symbols provide extra security.You might implement this code on your own website as follows: As you can see, it's well worth learning the intricacies of regular expressions.A few simple form attributes can have the same effect as reams of Java Script code libraries.Here we have an enhanced version of the above code where we've added HTML5 handler to the first password field which updates the pattern required by the second password field - in effect forcing them to be identical: Here you can see a screen shot from Safari of the form being completed.Because the input type obscures the text typed, you should let the user confirm that they haven't made a mistake.The simplest way to do this is to have the password entered twice, and then check that they are identical.
Some text editors (not just vi) also allow them when searching for or replacing text. This is a new technique available in modern browsers and definitely the way of the future.The form below has three input fields: username, pwd1 and pwd2. If a false value is returned then the form submission is cancelled.This code will work for browsers as far back as Netscape 4 (circa 1997). If you're not sure how to place this on your page, you might need to read the preceding article on Form Validation, or view the HTML source of this page.If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration processe you a should either email them a random password or a confirmation token rather than letting them choose their own password and use it immediately.The code presented below would then be used for letting the user change their password.