Stefan Hornburg (Racke) > Data-Transpose-0.0003 > Data::Transpose::PasswordPolicy



Annotate this POD

View/Report Bugs
Module Version: 0.02   Source   Latest Release: Data-Transpose-0.0020


Data::Transpose::PasswordPolicy - Perl extension to enforce password policy


  use Data::Transpose::PasswordPolicy;

  my %credentials = (username => "marco",
                    password => "My.very.very.5strong.pzwd"

  my $pv = Data::Transpose::PasswordPolicy->new(\%credentials)
  if (my $password = $pv->is_valid) {
    print "$password is OK";
  else {
    die $pv->error


This module enforces the password policy, doing a number of checking. The author reccomends to use passphrases instead of password, using some special character (like punctuation) as separator, with 4-5 words in mixed case and with numbers as a good measure.

You can add the policy to the constructor, where minlength is the minimum password length, maxlength is the maximum password and mindiffchars is the minimum number of different characters in the password. Read below for patternlength

By default all checkings are enabled. If you want to configure the policy, pass an hashref assigning to the disabled checking a true value. This will leave only the length checks in place, which you can tweak with the accessors. For example:

  my %validate = ( username => "marco",
                   password => "ciao",
                   minlength => 10,
                   maxlength => 50,
                   patternlength => 4,
                   mindiffchars => 5,
                   disabled => {
                                 digits => 1,
                                 mixed => 1,
  my $pv = Data::Transpose::PasswordPolicy->new(\%validate)
  $pv->is_valid ? "OK" : "not OK";

See below for the list of the available checkings.

Please note: the purpose of this module is not to try to crack the password provided, but to set a policy for the passwords, which should have some minimum standards, and could be used on web services to stop users to set trivial password (without keeping the server busy for seconds while we check it). Nothing more.



Create a new Data::Transpose::PasswordPolicy object using the credentials provided as hashref.



Set and return the new password. If no argument is provided, returns the current. It will strip leading and trailing spaces.


Set and return the new username. If no argument is provided, returns the current. It will strip leading and trailing spaces.


It returns the length of the password;


Returns the minimum length required. If a numeric argument is provided, set that limit. Defaults to 255;


As above, but for the maximum. Defaults to 12;


As above, but set the minimum of different characters (to avoid things like 00000000000000000ciao00000000000.

Defaults to 6;


As above, but set the length of the common patterns we will search in the password, like "abcd", or "1234", or "asdf". By default it's 3, so a password which merely contains "abc" will be discarded.

This option can also be set in the constructor.

Internal algorithms ^

All the following methods operate on $obj->password and return the message of the error if something if not OK, while returning false if nothing suspicious was found.


Check if the password is in the range of permitted lengths.


Check if the password contains the username, even if obfuscated.

Disable keyword: username


Check if the password contains, even obfuscated, common password like "password" et similia.

Disable keyword: common


Check if the password has enough different characters.

Disable keyword: varchars


Check if the password has mixed cases

Disable keyword: mixed


Check if the password has non-word characters

Disable keyword: specials


Check if the password has digits

Disable keyword: digits


Check if the password has letters

Disable keyword: letters


Check if the password contains usual patterns like 12345, abcd, or asdf (like in the qwerty keyboard).

Disable keyword: patterns

Main methods ^


Return the password if matches the policy or a false value if not.


With argument, set the error. Without, return the errors found in the password.


Clear the object from previous errors, in case you want to reuse it.

$obj->disable("mixed", "letters", "digits", [...])

Disable the checking(s) passed as list of strings.

$obj->enable("mixed", "letters", [...])

Same as above, but enable the checking


Return true if the checking is disable.


None by default.



Marco Pessotto, <>


Copyright (C) 2013 by Marco Pessotto

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.16.2 or, at your option, any later version of Perl 5 you may have available.

syntax highlighting: