Consider the following: If you are using a supported browser you can use the form below to test the regular expression: If you want to restrict the password to ONLY letters and numbers (no spaces or other characters) then only a slight change is required.
Instead of using is shorthand for 'any letter, number or the underscore character'.
Remember that, as Java Script isn't available in all browsers, you should also use server-side scripting to validate all data before recording it in a database or elsewhere.
You might also want to spice up your forms using HTML5 Form Validation as we've done further down the page.
If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration processe you a should either email them a random password or a confirmation token rather than letting them choose their own password and use it immediately.
The code presented below would then be used for letting the user change their password.
Here are some simple steps to make the process more secure.
Instead of as this lets the browser (and the user) know that the contents of that field need to be secured.
The password won't appear on the screen as you type and most browsers also won't 'remember' the values entered in fields as they do with other form elements.
They can be used not just in Java Script, but also PHP, Perl, Java and many other languages.
Some text editors (not just vi) also allow them when searching for or replacing text. This is a new technique available in modern browsers and definitely the way of the future.