>Hi.
>Has anyone come across any Foxpro Utility/Methods to enforce 'Best Practise' for Password Complexity.
>After an audit of our software, Auditors have recommended to put in place a 'Complex ' password
>If this is already there somewhere, it would save a bit of time
>
>Tia
>Gerard
Forget about it.
The problem is simply a long random key stored to something long. If you think to use cheap MS hashes (just like the ones the system uses for your login) it is enough to have the hash to get something that meets the hash. You understand, not your password, one fitting.
With todays hardware this is fast and cheap.
Wide field.
Also note that users write down complex passwords (c:\password.txt) more likely, what will be a seurity breech as well.
If it is just for the audtors, just check out if there are some none letter chars as well as some numbers, lenght is the easy part. More work is permanent change, prohibit reuse of (last n) passwords and so on.
But cheap'n'dirty
lcPassword = INPUTBOX()
lnLen = len(lcPassword)
lnDigitLen = LEN(CHRTRAN(lcPassword,CHRTRAN(lcPassword,'0123456789',''),''))
lnNotAlphaDigitLen = LEN(CHRTRAN(lower(lcPassword),CHRTRAN(lower(lcPassword),'abcdefghijklmnopqrstuvwxyzöäüß',''),''))
do case
case lnDigitLen<DigitsYouNeedToHave
case lnNotAlphaDigitLen<NoAlphaDigitsYouNeedToHave
case lnNotAlphaDigitLen+lnDigitLen=lnLen
endcase
In reality any combination word+sign+word is bad if the word is in any digtionary. They are in rainbow tables for ages.
Words are given to man to enable him to conceal his true feelings.
Charles Maurice de Talleyrand-Périgord
Weeks of programming can save you hours of planning.
OffThere is no place like [::1]
