"When I went to dispute my credit information," Raj K wrote, "I noticed that the company's online form required a complex password. The developer in me was curious as to how the validation was implemented, so I viewed the page source. Shortly thereafter, my palm quickly met my forehead."

Following is a summary of the 700-line function used to validate the form's three different fields...

function validate(){

   ... snip ...

   var pswdSpl = 0;
   var pswdAlpha = 0;
   var pswdNum = 0;
   var pswdCap = 0;

   ... snip ...

   for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("a", x );
      if ( x > -1 ) {
         pswdAlpha = pswdAlpha + 1;
      } else {
         break;
      }
   } 
   for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("b", x );
      if ( x > -1 ) {
         pswdAlpha = pswdAlpha + 1;
      } else {
         break;
      }
   } 

   ... snip ...

   for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("z", x );
      if ( x > -1 ) {
         pswdAlpha = pswdAlpha + 1;
      } else {
         break;
      }
   } 
   for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("A", x );
      if ( x > -1 ) {
         pswdAlpha = pswdAlpha + 1;
         pswdCap = pswdCap + 1;
      } else {
         break;
      }
   } 

   ... snip ...

   for ( x = 0; x < passStr.length; x++ ) {
      x = passStr.indexOf("Z", x );
      if ( x > -1 ) {
         pswdAlpha = pswdAlpha + 1;
         pswdCap = pswdCap + 1;
      } else {
         break;
      }
   } 

   ... snip ...

   var passindex = passStr.indexOf("0");  
   if ( passindex > -1)  {
      pswdNum = pswdNum + 1;
        }       

   var passindex = passStr.indexOf("1");
   if(passindex >-1){
           pswdNum = pswdNum + 1;
   }   
    
   var passindex = passStr.indexOf("2");
   if(passindex > -1){
           pswdNum = pswdNum + 1;
   }   

   ... snip ...

   var passindex = passStr.indexOf("9");
   if(passindex > -1){
      pswdNum = pswdNum + 1;
   }          
   
   if ( pswdNum < 1 ){ 
      alert("Your password must contain at least one number!")
      document.forms[0].NewPassword.focus();
      return;
   }
         
   ... snip ...

   var passindex = passStr.indexOf("~");
   if(passindex > -1){
      pswdSpl = pswdSpl + 1;
   }

   ... snip ...

   var passindex = passStr.indexOf("?");
   if(passindex > -1){
      pswdSpl = pswdSpl + 1;
   }
   
   if (pswdSpl < 1)  { 
      alert("Your password must contain at least one " +
            "of the special characters listed!")
      document.forms[0].NewPassword.focus();
      return;
   }
   
   ... snip ...
    
}