Here's an example password policy:
Example password policy with complexity enabled |
We would like to see if a given list of passwords conform these settings, mainly the length and complexity. Based on Microsoft's definition a password is complex if contains characters from three of the following five categories:
- Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
- Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
- Base 10 digits (0 through 9)
- Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
So we want a quick script which verifies if the password is at least 10 characters long and is complex. There are many ways to do it and can be done with hardcore regex patterns or just simple direct checks, here's one not too complicated way to do it, this is the output:
Password complexity check output |
the script:
function checkpwcplx ($passwordString){
$pwComplexity = 0
# checking the minimal length, if it's shorter, no need to continue
if($passwordString.length -lt 10){
return "length <10"
}
# lowercase
if($passwordString -cmatch "[a-z]"){
$pwComplexity++
}
# uppercase
if($passwordString -cmatch "[A-Z]"){
$pwComplexity++
}
# digits
if($passwordString -cmatch "[0-9]"){
$pwComplexity++
}
# special character (not alphabetic characters or numbers)
if($passwordString -cmatch "[^a-zA-Z0-9]"){
$pwComplexity++
}
# if 3 of the criterias
if($pwComplexity -ge 3){
return "complex"
}
else{
return "NOT complex"
}
}
$list = @($input)
$list | %{
$obj = "" | select Password,Complexity
$obj.Password = $_
$obj.Complexity = checkpwcplx $_
$obj
}
t