The "out of the box" password complexity requirements for the ASP.Net Membership system is this:
- 7 characters minimum
- 1 symbol character
A client asked for a more complex password (a common request):
- 8 characters minimum
- at least 1 number
- at least 1 lower case
- at least 1 upper case
- at least 1 symbol character
I tested a lot of regular expressions and most of them didn't work. I finally found one that works well:
^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\W]).*$
Simply set the "passwordStrengthRegularExpression" attribute of the provider section in the web.confg to this regular expression and badda bing, you're good to go. See this link for a list of all the attributes in the config.
You might want to seriously look into using the Password Strength Ajax Extender available from the Ajax Toolkit. It's really nice and goes a long way to solving your users' password complexity woes. It's simply to use and you can implement it in a matter of minutes.
Tom Hundley
Elegant Software Solutions