The problem as stated:
die "weak password" if length($pw) < 8 or $pw !~ /[A-Z]/ or $pw !~ /[a-z]/ or $pw !~ /[0-9]/ or $pw !~ /[^a-z0-9]/i;
Remaining issue: there are many more weak passwords which this doesn't check. Check that the password isn't in a dictionary (see /usr/dict/words for a start), isn't the same as the username, isn't "xyzzy" or other legendary passwords, and many other commonly guessed or made-up entries.
Root issue: explaining the rules to the user. Don't expect people to remember purely randomized characters that mean nothing. Blindly explaining and requiring a policy of minimum length, mixed-case, digits and punctuation can actually undermine your password policy, because it just forces people to write it on a PostIt™ and stick it under their keyboard. Suggest they START by thinking of a phrase that they'll remember without writing down, and use the initials or the last letters of each word as the password. Then have them insert a digit or a bit of punctuation or a capital letter, as you suggested. Avoid the nonsensical line-noise passwords, because your users will show you how weak a meaningless password can be.
--
[ e d @ h a l l e y . c c ]
In reply to Re: New to RegEx... need translation
by halley
in thread New to RegEx... need translation
by mojobozo
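The extra checks suggested in the post above (dictionary word, same as the username, "legendary" passwords), layered on top of the character-class test, as an added example that is not code from the original post. The function names, the short legendary list, the extra dictionary entries and the test passwords are constructed for illustration; the dictionary path is the one the post mentions and may not exist on a given system.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample list; a real deployment would load a much larger one.
my %LEGENDARY = map { $_ => 1 } qw(xyzzy password letmein qwerty);
my $DICT_FILE = '/usr/dict/words';   # path from the post; assumed, may be absent

# Load dictionary words (lowercased); returns an empty hash if the file is missing.
sub load_dictionary {
    my ($path) = @_;
    my %words;
    open my $fh, '<', $path or return \%words;
    while (my $w = <$fh>) {
        chomp $w;
        $words{lc $w} = 1 if length $w;
    }
    close $fh;
    return \%words;
}

# Returns the list of reasons a password is weak; an empty list means it passed.
sub weak_reasons {
    my ($pw, $user, $dict) = @_;
    my @why;
    push @why, 'shorter than 8 characters' if length($pw) < 8;
    push @why, 'no uppercase letter'       if $pw !~ /[A-Z]/;
    push @why, 'no lowercase letter'       if $pw !~ /[a-z]/;
    push @why, 'no digit'                  if $pw !~ /[0-9]/;
    push @why, 'no punctuation'            if $pw !~ /[^a-z0-9]/i;

    # Strip leading/trailing digits and punctuation so "Xyzzy123!" still hits the lists.
    (my $core = lc $pw) =~ s/^[^a-z]+|[^a-z]+$//g;
    push @why, 'contains the username'
        if length($user) and index(lc($pw), lc($user)) >= 0;
    push @why, 'well-known password' if $LEGENDARY{$core} or $LEGENDARY{lc $pw};
    push @why, 'dictionary word'     if length($core) and $dict->{$core};
    return @why;
}

my $dict = load_dictionary($DICT_FILE);
$dict->{$_} = 1 for qw(sunshine dragon);   # constructed entries so the demo runs offline

# Constructed test cases: [password, username]. The last is built from a phrase's initials.
for my $t (['Xyzzy123!', 'alice'], ['Alice#2024x', 'alice'],
           ['Sunshine9!', 'bob'],  ['Mhall,ifwwas1', 'bob']) {
    my @why = weak_reasons($t->[0], $t->[1], $dict);
    printf "%-14s %s\n", $t->[0], @why ? 'WEAK: ' . join('; ', @why) : 'ok';
}
```

The first three passwords satisfy every character-class rule in the one-liner yet are still flagged, while the phrase-derived one passes all checks.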