Consider the following: If you are using a supported browser you can use the form below to test the regular expression: If you want to restrict the password to ONLY letters and numbers (no spaces or other characters) then only a slight change is required.
Instead of using is shorthand for 'any letter, number or the underscore character'.
Instead of as this lets the browser (and the user) know that the contents of that field need to be secured.
The password won't appear on the screen as you type and most browsers also won't 'remember' the values entered in fields as they do with other form elements.
For security a password should never be displayed in HTML or sent by email.
If you're concerned about security you should have some policy on what constitutes a valid password.
This code will work for browsers as far back as Netscape 4 (circa 1997). If you're not sure how to place this on your page, you might need to read the preceding article on Form Validation, or view the HTML source of this page.
Again, you can use the form below to test this regular expression: Restricting which characters can be used is not good practice as punctuation and other symbols provide extra security.
You might implement this code on your own website as follows: As you can see, it's well worth learning the intricacies of regular expressions.
Otherwise your application needs to provide this function.
Passwords need to be stored encrypted in the database or elsewhere and any backups should also be encrypted.