Talk:OWASP Proactive Controls

Hi Jim,

When looking at your your project page, maybe I have something, that you might be interested in.

A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as an regular expression:

^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°\|\[\]\-\$\^\@\/]{8,32}$

A short explanation:

password length 8 -32 Character set:  -Za-z0-9!/~<>,;:_=?*+-#."&§$%^°[]|@ at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) no more than 2 equal characters in a row (that's not Windows)

More on your document maybe later.

Best Regards, Thomas