1 - create/find a regex to not allow any words, you can create your own here: https://txt2re.com/
2 - save the top 350.000 words in your database/mf and check the string by yourself before doing this...
3 - find a Java developer who can get it to work to use com.platinum.dpv.DictionaryPasswordValidator
Both seem not practical to me. Out of curiosity, what kind of app asks for this? Seen a lot of apps but didn't encounter this one :D
What a completely retarded requirement from the security team...
Passwords in general should be long and hard to brute force with the number of letter combinations.
A password containing several random dictionary words would be far stronger than a short string of random characters.
would be near endlessly more secure than
Now if I would force my users to use passwords like this:
They will never ever remember their password or make typos in it.
Which then is followed up by:
- I need to be able to look at my written password during logging in (checking the last password for typos will take you about 20 seconds which is plenty for me to take a picture over your shoulder)
- Reset your password every time you try to log in.
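
An added illustration of the two points discussed in this thread (not code from any poster): a substring check against a word list, as in option 2, next to an entropy estimate for passwords chosen uniformly at random. The word list, sample passwords and function names are constructed for the example; the 350.000 figure is the one mentioned above, and the estimates do not hold for passwords that users pick themselves.

```python
import math
import string

# Constructed sample word list; a real check would load the full list
# (the thread mentions the top 350.000 words) from a file or database.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple", "password", "dragon"}
WORDLIST_SIZE = 350_000  # list size from the thread, used only for the estimate
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def dictionary_hits(password, words=SAMPLE_WORDS, min_len=4):
    """Return the dictionary words (>= min_len chars) found inside the password."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_len and w in lowered)


def random_string_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of `word_count` words drawn uniformly from the word list."""
    return word_count * math.log2(wordlist_size)


def evaluate(password, bits):
    """Apply the 'no dictionary words' rule and report the entropy estimate."""
    hits = dictionary_hits(password)
    return {"password": password, "rejected": bool(hits),
            "hits": hits, "bits": round(bits, 1)}


if __name__ == "__main__":
    # Constructed samples: four random words versus eight random characters.
    for result in (
        evaluate("correct horse battery staple", passphrase_bits(4)),
        evaluate("x7#Qp2!z", random_string_bits(8)),
    ):
        print(result)
```

Under these assumptions the rule rejects the four-word passphrase and accepts the eight-character string, although the passphrase has the higher estimate.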