The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.


Data::Password::Check - sanity check passwords


Users can be lazy. If you're a perl programmer this is a good thing. If you're choosing a password this is a bad thing.

This module performs some sanity checks on passwords. Details on checks than can be performed are described below.


Basic use of the module is as follows:

  use Data::Password::Check;

  # check a password
  my $pwcheck = Data::Password::Check->check({
    'password' => $some_password

  # did we have any errors?
  if ($pwcheck->has_errors) {
    # print the errors
       join("\n", @{ $pwcheck->error_list }),


These methods are publically available. Use them to your heart's content.


This is the main function for this module. You must pass one mandatory value in the $options hash-reference - a password:

  # check a password
  $result = Data::Password::Check->check({'password' => $pwd_to_check});

There are other options that may be passed to invoke further password tests if required:

  • tests

    set this to a list of test names to replace the list of tests performed by the module

    e.g. tests => [ 'length' ] will make the module perfoem the length check only

  • tests_append

    set this to a list of additional tests to perform. This is useful if you want to call more tests than are in the default list, or to include your own tests when inheriting from this module.

    e.g. test => [ 'mytest1', 'mytest2' ] will make the module perform two extra tests (assuming they exist) mytest1 and mytest2.


This function is used to determine if there were any errors found while sanity checking the supplied password. It does not return the errors themselves.

Returns 1 if there were errors, 0 otherwise


This function returns an array-reference to a list of the error messages. If there are no errors undef is returned.


By default the module will perform all checks listed below. You can limit the number of checks by passing a list of desired tests via the tests option when calling check(). e.g.

    'tests' => [ 'length' ], # check only that the password meets a minimum-length requirement


Make sure the password only contains a-z, A-Z and 0-9 characters.


Make sure the password contains one of each from the following sets: a-z, A-Z and 0-9


Make sure the password it at least 6 characters long. If min_length was passed as an option to check(), this value will be used instead, assuming it's a positive integer.


Make sure the password is mixes case, i.e. not all lower case, nor all upper case


Make sure the password is contains a diversity of character group types (uppercase, lower case, digits, symbols). By default, at least one character group must be present in the password (which any password will satisfy - override this to invoke the test). If diversity_required was passed as an option to check(), this value will be used instead.


Make sure the password isn't a known silly word (e.g 'password' is a bad choice for a password).

The default list contains qwerty, and password only. You may choose to replace this list of words or to add your own to the end of the list.

If you wish to replace the list of silly-words, you should pass them in via the options when calling check(), as 'silly_words'. e.g.

    'silly_words' => [ 'my', 'silly', 'words' ],

If you would like to add words to the existing list, you should pass them in via the 'silly_words_append' option when calling check(). e.g.

    'silly_words_append' => [ 'more', 'silly', 'words' ],

All matching is case-insensitive, and if you choose to append words, duplicates will be omitted.


Make sure the password isn't a single character repeated, e.g. 'aaaaaaaaaa'.


These methods are private to this module. If you choose to use them outside the module, all bets are off.


This function calls each required test in turn. It's an internal function called within check().


This function is used to add an error message to the internal store. The errors can later be retrieved using the error_list() method.


This function exists so that it's possible to work out if a test was skipped because "something went wrong" - usually because of an invalid option passed in via the check() options.

This function was written to enable some tests in the "make test" phase of installing the module.


Chisel Wright <>




This project can be found at BerliOS:


Copyright (C) 2005-2007 by Chisel Wright

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.2 or, at your option, any later version of Perl 5 you may have available.