Remember that, as Java Script isn't available in all browsers, you should also use server-side scripting to validate all data before recording it in a database or elsewhere.You might also want to spice up your forms using HTML5 Form Validation as we've done further down the page.In most browsers - those that support Java Script 1.5 (Firefox, Chrome, Safari, Opera 7 and Internet Explorer 8 and higher) - you can use more powerful regular expressions. The code presented above is fine in that it checks everything that we wanted to check, but uses a lot of code to test each requirement individually and present different error messages.We're going to show you now how to apply the password tests using a single regular expression.One popular approach is to install Fail2Ban to monitor log files and lock out repeat offendors.Of course that only works if your login system reports failed login attempts to a system log file.They can be used not just in Java Script, but also PHP, Perl, Java and many other languages.Some text editors (not just vi) also allow them when searching for or replacing text. This is a new technique available in modern browsers and definitely the way of the future.
Here are some simple steps to make the process more secure.
A few simple form attributes can have the same effect as reams of Java Script code libraries.
Here we have an enhanced version of the above code where we've added HTML5 handler to the first password field which updates the pattern required by the second password field - in effect forcing them to be identical: Here you can see a screen shot from Safari of the form being completed.
Otherwise your application needs to provide this function.
Passwords need to be stored encrypted in the database or elsewhere and any backups should also be encrypted.
Instead of as this lets the browser (and the user) know that the contents of that field need to be secured.