What do you think? Discuss, post comments, or ask questions at the end of this article [More about me]

Skip to end of metadata
Go to start of metadata

In Atlassian crowd we can enforce password requirements via a password regex expression and an associated password complexity requirement message.

Password must be a minimum of 8 characters, with at least: one uppercase letter, one lowercase letter, one number.
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$

You can use this excellent regular expression generator/tester to test your expressions.

Here's another example that I've used.  This one enforces 8 characters (can be any including special characters) but no whitespace characters

Password must be a minimum of 8 characters and contain no spaces
^\S*\S{8,}$

EXPLANATION: what this is syaing: the password must start with a non-whitespace character, then match on multiple non-whitespace characters, and finally the last 8 characters must also be non-whitespace characters.

Problem

The issue is that this message is not displayed in confluence (or JIRA I presume) when we enable functionality to set/change passwords via confluence.  All that will show is some message about the password not being valid (which isn't much help).  This is an interesting (and annoying) oversight.

Fortunately, we can overcome this oversight (somewhat) via CSS content insertion. 

Workaround

See below for something I cooked up to insert a password requirement message in confluence's user change password & new sign up screens.  This should work in all modern browsers.

Simply add (and modify to suit) the following to confluence's global stylesheets (General configuration → Stylesheet):

CSS to add to confluence's global stylesheet. Note \A causes a linebreak.
/* add message showing password requirements on user change password page */
form[name^="changepassword"]:after {
    color: red;
    white-space: pre;
    font-style: italic;
    content: "\APassword must be a minimum of 8 characters with:\A
 - at least one uppercase letter;\A
 - at least one lowercase letter;\A
 - at least one number.";
}

/* add message showing password requirements to sign-up page */
div[id^="loginMessage"]:before {
    color: red;
    white-space: pre;
    font-style: italic;
    content: "Password must be a minimum of 8 characters with:\A
 - at least one uppercase letter;\A
 - at least one lowercase letter;\A
 - at least one number.\A  ";
}

What this does is show the following message on both the user change password screen and the new user signup sheets.  This is what it looks like:

User change password screen with CSS content inserted message.

New user sign up screen with CSS content inserted message.