Because the input type obscures the text typed, you should let the user confirm that they haven't made a mistake.
The simplest way to do this is to have the password entered twice, and then check that they are identical.
Consider the following: If you are using a supported browser you can use the form below to test the regular expression: If you want to restrict the password to ONLY letters and numbers (no spaces or other characters) then only a slight change is required.
A lot of websites now require registration, meaning that users need to be assigned a username and password.
Here are some simple steps to make the process more secure.
Another method is to display what they've entered as part of a 'confirmation page'.
The problem here is that you're making the password visible in the browser, browser cache, proxy, etc.
The form below has three input fields: username, pwd1 and pwd2. If a false value is returned then the form submission is cancelled.
This code will work for browsers as far back as Netscape 4 (circa 1997). If you're not sure how to place this on your page, you might need to read the preceding article on Form Validation, or view the HTML source of this page.Again, you can use the form below to test this regular expression: Restricting which characters can be used is not good practice as punctuation and other symbols provide extra security.You might implement this code on your own website as follows: As you can see, it's well worth learning the intricacies of regular expressions.Otherwise your application needs to provide this function.Passwords need to be stored encrypted in the database or elsewhere and any backups should also be encrypted.The best thing about HTML5 attributes is that they have no effect whatsoever on unsupported browsers, so older versions of Internet Explorer will act as if they are not present and just run the Java Script validation as before.