
Password Policy Regex for Disallowing Repetition

amyers
New Contributor

We are trying to set up a Password Policy to avoid passwords that will generate the same character twice in a row. I thought we could easily do this by updating the Regex being used, so I modified it as follows:

 

Original Regex: (?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&?]).{20,22}

 

Updated Regex: (?!.*(.)\1+).*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&?]).{20,22}

 

The thought was that this will not match on anything with the same character twice in a row, which it does in a regex editor. However, when it is applied, the Saviynt engineer mentioned that this was "not allowing the tasks to be created." 

 

Why would this not allow password change tasks to be created? And if not this, how would I set it up to disallow repeated characters?


Rishi
Saviynt Employee

Can you check if the regex is correct? Because I tried to generate text using the regex that you want to use and it's generating text of up to 122 characters.

I used the online tool https://www.browserling.com/tools/text-from-regex


NageshK
Saviynt Employee

@amyers As Rishi mentioned, the regex you mentioned was resulting in a stack overflow error (this is a common error for Regex) during the password generation. Also, trying for non-repeating consecutive characters is a bit complex, and the pwd generators usually have to go through a few iterations before they can generate a match. So, it's more prone to errors. Is there a specific functional/non-functional requirement you are trying to meet with this definition?

Anyhow, can you try the following regex and see if that works for you? 

^(?=.{20,22}$)(?:([\w~!@#$%^&?])(?!\1))+$

I have tried in a test env and generated the below 2 passwords that looked good.

(pwd1: C0%Hd^5y58&314ydTsM9K  & pwd2: CREncv*E2Dg0oALnOY*A)

Additionally, you can also use the following URL for a quick validation by inducing a repetition:

https://regexr.com/34vol

After the above page loads, replace the existing expression in the page with the one I mentioned above and use the below texts. You will see that only 3 of the below will match the regex.

Sim$le0!Tes14R3&3XT
Sim$le0!Tes14R3&3XT$
Sim$le0!Tes14R3&3XT$t
Sim$le0!Tes14R3&3XTT$t
Sim$le0!Tes14R3&3XTt$t
Sim$le0!Tes14R3&3XT$tfd
Sim$le0!Tes14R3&3XT$tsre35hb

 

Thanks

Nagesh K

amyers
New Contributor

Hi Rishi, Nagesh,

Yes, it seems like the Regex I gave was not correct for what I was looking for. 
It appears that disallowing duplicate consecutive characters is harder than expected.

The customer has a rule in their AD environment that they won't allow for passwords with the same character multiple times in a row. Therefore, when CPAM generates a password that DOES have two characters in a row, it will fail in their environment.

Nagesh, I tried the one you provided and within a few generations, it created this:

6KaS1d7d^q3m3?Xhh$aP

which has the repeated "hh" towards the end, that would not work in their environment. It also was creating passwords up to 150 characters in length as Rishi saw.

Is this something I will have to tell the customer is not possible?

Thanks,

Andrew
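
The checks discussed so far can be reproduced offline. The following is an added example, not part of any post in this thread and not Saviynt code: it runs the thread's patterns and sample strings through Python's `re` (an assumption, since the product's regex flavour may differ). `COMBINED` and `generate()` are hypothetical names for a validator that keeps both requirements and a generator that avoids adjacent repeats by construction instead of relying on the regex.

```python
import re
import secrets
import string

# Patterns quoted in the thread, checked with Python's `re`
# (assumption: the Saviynt engine may use a different regex flavour).
UPDATED = r"(?!.*(.)\1+).*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&?]).{20,22}"
PROPOSED = r"^(?=.{20,22}$)(?:([\w~!@#$%^&?])(?!\1))+$"
# Hypothetical combined validator (not from the thread): anchored, keeps the
# four composition lookaheads, rejects any adjacent identical pair.
COMBINED = r"^(?!.*(.)\1)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[~!@#$%^&?]).{20,22}$"

# Test strings listed in the thread for the regexr check.
THREAD_SAMPLES = [
    "Sim$le0!Tes14R3&3XT",
    "Sim$le0!Tes14R3&3XT$",
    "Sim$le0!Tes14R3&3XT$t",
    "Sim$le0!Tes14R3&3XTT$t",
    "Sim$le0!Tes14R3&3XTt$t",
    "Sim$le0!Tes14R3&3XT$tfd",
    "Sim$le0!Tes14R3&3XT$tsre35hb",
]
GENERATED = "6KaS1d7d^q3m3?Xhh$aP"  # generator output reported in the thread
OVERLONG = "aB3$" * 10              # constructed 40-character input, no repeats
ALPHABET = string.ascii_letters + string.digits + "~!@#$%^&?"

def accepts(pattern: str, candidate: str) -> bool:
    """True when the whole candidate matches the pattern."""
    return re.fullmatch(pattern, candidate) is not None

def generate(length: int = 20) -> str:
    """Build a password with no adjacent repeats, then verify composition."""
    while True:
        chars = []
        for _ in range(length):
            # Exclude the previous character so a repeat can never be emitted.
            pool = [c for c in ALPHABET if not chars or c != chars[-1]]
            chars.append(secrets.choice(pool))
        password = "".join(chars)
        if accepts(COMBINED, password):  # retry only if a class is missing
            return password

if __name__ == "__main__":
    print("PROPOSED matches:", [s for s in THREAD_SAMPLES if accepts(PROPOSED, s)])
    print("PROPOSED accepts reported output:", accepts(PROPOSED, GENERATED))
    print("UPDATED accepts 40 chars:", accepts(UPDATED, OVERLONG))
    print("generated:", generate())
```

Used as validators, the proposed pattern rejects the reported `hh` password and the unanchored updated pattern accepts the 40-character input, which is consistent with the over-long output seen in the thread.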

NageshK
Saviynt Employee

@amyers Yes, that is the complexity I was referring to. The general guidelines on "restricting multiple repeated characters" imply we should not have passwords like "222444666", "aaabbccDDD", etc. I don't think a random repetition of one character will dent the complexity of the password. The more important factors in defining password complexity are length, character space (composition of chars like lower case, upper case, numbers and special chars) and the combination of those characters. Also, when the customer mentioned "avoid multiple repetitions" they would have meant more than twice. Please check with them once. If it is indeed more than once then it cannot be guaranteed. As seen with the examples, we are bound to get a few instances of those.

Thanks,

Nagesh K

amyers
New Contributor

Hi, sorry for the delay.

This is what the customer has said: "We were having reset tasks fail, and we came to suspect repeated consecutive characters were being allowed which would not pass the complexity requirements we have set up."

So it sounds like it might not be a sure thing that they need to remove all consecutive duplicate characters. With your examples of things to avoid such as "222444666" and "aaabbccDDD", is there a regex we could use for avoiding that?

 

Finally, they also had a question: there are individual criteria fields such as "Minimum Special Characters", "Minimum Repeated Characters", etc. If we use these, would we then not use Regex? Or if we have Regex, can we also set some of those fields?