DEV Community staff staff

Posted on

Daily Challenge #224 - Password Validator

Write a quick password validator to make sure that the people that visit your site use appropriate passwords.

Respond with "VALID" if the string meets the requirements or "INVALID" if it does not.

More than 3 characters but less than 20.
Must contain only alphanumeric characters.
Must contain letters and numbers.

'Username123!' => INVALID
'123' => INVALID
'Username123' => VALID


Good luck!

This challenge comes from jhoffner on CodeWars. Thank you to CodeWars, who has licensed redistribution of this challenge under the 2-Clause BSD License!

Want to propose a challenge idea for a future post? Email with your suggestions!

Top comments (21)

franky47 profile image
François Best • Edited

Please, please, please... do not set maximum lengths on passwords. [1]

It's 2020, you should be hashing [2] your passwords (so the output is constant length no matter what the input). Password strength is based on two things: entropy (randomness) and length. Since people are usually bad at entropy, let them enter long passwords or passphrases if they want to. Also it sucks for people with password managers to have to generate custom rules. Accept any character, even spaces (you're hashing the password, so you can even accept ';-- for that matter), for passphrases.

[1] If you really want to set one to avoid 1GiB passwords, put it at 256 characters, so that password managers can go wild.
[2] Yes, I mean hashing + salting, don't roll it yourself and use bcrypt.

I know this is a training exercise, but cargo cult security is real.

merrickfox profile image
Merrick Fox

Nice idea but it's not always your choice.

Case in point, you're advocating using bcrypt when bcrypt itself can only support 72 characters maximum, anything larger is truncated.

lunaticneko profile image
Chawanat Nakasan

Maybe archaic systems, and also, shorter lengths are easier to make test cases that are easy for inspection. Most programming challenges I know are usually short and sweet (unless we're dealing with huge data deliberately).

vidit1999 profile image
Vidit Sarkar

Python solution

passwordValidator = lambda password : "VALID" if((3 < len(password) < 20) and password.isalnum() and any(map(str.isdigit, password)) and any(map(str.isalpha, password))) else "INVALID"

Here is the detailed version of above,

def passwordValidator(password : str) -> str:
    if(3 < len(password) < 20):
            if(any(map(str.isdigit, password)) and any(map(str.isalpha, password))):
                return "VALID"
    return "INVALID"


print(passwordValidator('Username123!')) # output -> INVALID
print(passwordValidator('123')) # output -> INVALID
print(passwordValidator('Username123')) # output -> VALID
print(passwordValidator('Username')) # output -> INVALID
print(passwordValidator('IsThisPasswordTooLong')) # output -> INVALID
print(passwordValidator('DEVCommunity')) # output -> INVALID
mburszley profile image
Maximilian Burszley

A little more readable example that is explicit about the lazy evaluation (chaining and)

def validatePassword(password: str) -> str:
    if (3 < len(password) < 20
            and password.isalnum()
            and any(map(str.isdigit, password))
            and any(map(str.isalpha, password))):
        return 'VALID'
    return 'INVALID'

assert validatePassword('Username123!') == 'INVALID'
assert validatePassword('123') == 'INVALID'
assert validatePassword('Username123') == 'VALID'

assert validatePassword('Username') == 'INVALID'
assert validatePassword('IsThisPasswordTooLong') == 'INVALID'
assert validatePassword('DEVCommunity') == 'INVALID'
mburszley profile image
Maximilian Burszley • Edited

A lazy JS implementation:

function validatePassword(password) {
  const pattern = /^[a-z0-9]{4,19}$/i;
  const test = pattern.test(password) && /[a-z]/i.test(password) && /[0-9]/.test(password);

  return test ? 'VALID' : 'INVALID';

function testValidatePassword() {
  console.assert(validatePassword('Username123!') === 'INVALID');
  console.assert(validatePassword('123') === 'INVALID');
  console.assert(validatePassword('Username123') === 'VALID');

  console.assert(validatePassword('Username') === 'INVALID');
  console.assert(validatePassword('IsThisPasswordTooLong') === 'INVALID');
  console.assert(validatePassword('DEVCommunity') === 'INVALID');
qm3ster profile image
Mihail Malo • Edited


fn validize(pwd: &str) -> bool {
    if !(3..=20).contains(&pwd.len()) {
        return false;
    let mut alph = false;
    let mut num = false;
    for c in pwd.chars() {
        match c {
            '0'..='9' => num = true,
            'a'..='z' | 'A'..='Z' => alph = true,
            _ => return false,
    alph && num

// usage
fn main() {
    let t = |pwd| println!("{} => {}", pwd, validize(pwd));

Imperative, because two predicates of any and one of all would be three iterations, and that is simply not acceptable.
The lambda is only a lambda to save lines on the internet. Don't do such things.
Look at it go.

kesprit profile image
kesprit • Edited

My swift solution :

func passwordValidator(password: String) -> String {
    ((password.reduce(true) { $0 == true && ($1.isLetter || $1.isNumber) }) &&
        3..<20 ~= password.count &&
        (password.contains { $0.isLetter }) &&
        (password.contains { $0.isNumber })) ? "VALID" : "INVALID"

passwordValidator(password:"Username123!") // INVALID
passwordValidator(password:"123") // INVALID
passwordValidator(password:"Username123") // VALID
maskedman99 profile image
Rohit Prasad


var = input("Enter the password: ")
aflag = 0
nflag = 0
sflag = 0

if len(var) < 4 or len(var) > 19:
        for i in var:
                if i.isalpha():
                        aflag += 1
                elif i.isnumeric():
                        nflag += 1
                        sflag += 1

        if aflag == 0 or nflag == 0 or sflag != 0:
neradev profile image
Moritz Schramm

DEVCommunity would be invalid because it's missing the numeric part ;)

shhdharmen profile image
Dharmen Shah

A quick JS function:

const PASS_REGEX = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{4,20}$/g;
function validPass(password){
  return < 0 ? 'INVALID' : 'VALID';
davidmmooney profile image

I think you missed rule 3. The password needs both alpha and numeric.