• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 350
  • Last Modified:

RegEx Password Validation

I am looking for help building a regular expression for testing password complexity. The password requirements are:
 - one upper case
 - one lower case
 - one special character or number
 - at least 8 characters
0
evilmonkey2148
Asked:
evilmonkey2148
  • 3
  • 2
  • 2
  • +2
1 Solution
 
käµfm³d 👽Commented:
What text editor, programming language, or other miscellaneous utility are you using for password validation?
0
 
ozoCommented:
(?=.*[A-Z])(?=.*[a-z])(?=.*\W).{8}
0
 
Dan CraciunIT ConsultantCommented:
Since \W means spaces too, I would use
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

HTH,
Dan
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Terry WoodsIT GuruCommented:
Without start and end of string placeholders, this validation may be vulnerable to failure. Details given here: http://www.experts-exchange.com/Programming/Languages/Regular_Expressions/Q_28411422.html#a39997831
0
 
käµfm³d 👽Commented:
Terry,

I initially thought that too, but on further examination it shouldn't. Because the requirement only says, "at least 8 characters," the pattern holds. If it instead said, "between 8 and 15 characters," for example, then further restriction would be needed.
0
 
Terry WoodsIT GuruCommented:
Ah, yes, good point! :-)
0
 
evilmonkey2148Author Commented:
problem with this expression:
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

is that i need to accept any special character on the keyboard.
0
 
Dan CraciunIT ConsultantCommented:
Considering you use a non-Unicode variant, \W means "anything that is not a letter A to Z, a to z, a number 0 to 9 or an underscore _".

This makes _ to not be allowed as a special character, while it will accept space, tab, carriage returns, bell, etc.  

It's better, IMO to specify exactly what is a "special character". \W is faster to write/read, but that's where its merits stop.

If you want to "accept any special character on the keyboard", you need to list them.
0
 
evilmonkey2148Author Commented:
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9!@#\$%\^&\*\(\)_\+-=\[\]{}\\\|;':",\./<>\?).{8,}

So that should work?
0
 
Dan CraciunIT ConsultantCommented:
Yup.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now