regular expression - password policy enforcement

Posted on 2010-08-24
Last Modified: 2012-05-10
Hello Experts,

I need a regular expression string that matches (1 capitol, 1 lowercase, 1 number, 1 special character)

I had this:

which seemed to be working until I added the '#' character to the string at which point it quits. Unfortunately this problem got missed until about a week away from production so I am reaching out...

Any help appreciated!
I am using this expression with the PCRE engine.
Question by:glo-dba
  • 4
LVL 20

Accepted Solution

alainbryden earned 500 total points
Comment Utility
This regular expression seems to have everything you need. If you don't require at least 10 characters you can remove that first part:


    * Must be at least 10 characters
    * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
    * Valid special characters (which are configurable) are -   @#$%^&+=

LVL 20

Expert Comment

Comment Utility
Well it looks like your problem might be that in the PCRE documentation, comments are delimited by the # mark. Maybe you need to escape it by using it twice? (##)
LVL 20

Expert Comment

Comment Utility
I stand corrected, apparently using \# to escape the hash character should take care of it.
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

LVL 20

Expert Comment

Comment Utility
Here's the man page for your reference:
The relevant section for the # problem has the header "BACKSLASH"

Expert Comment

Comment Utility
By the way, you may also want to escape $ sign, otherwise Perl will expand $^ variable.

Author Closing Comment

Comment Utility
Your string works fine. My string doesn't work. It may be may an inconsistency in the "regex buddy" PRCE engine.

Thank you very much!

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I have been reconstructing a PHP-based application that has grown into a full blown interface system over the last ten years by a developer that has now gone into business for himself building websites. I am not incredibly fond of writing PHP code o…
Do you hate spam? I do, and I am willing to bet you do as well. I often wonder, though, "if people hate spam so much, why do they still post their email addresses on the web?" I'm not talking about a plain-text posting here. I am referring to the fa…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now