• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

RegEx Password Validation

I am looking for help building a regular expression for testing password complexity. The password requirements are:
 - one upper case
 - one lower case
 - one special character or number
 - at least 8 characters
0
evilmonkey2148
Asked:
evilmonkey2148
  • 3
  • 2
  • 2
  • +2
1 Solution
 
käµfm³d 👽Commented:
What text editor, programming language, or other miscellaneous utility are you using for password validation?
0
 
ozoCommented:
(?=.*[A-Z])(?=.*[a-z])(?=.*\W).{8}
0
 
Dan CraciunIT ConsultantCommented:
Since \W means spaces too, I would use
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

HTH,
Dan
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Terry WoodsIT GuruCommented:
Without start and end of string placeholders, this validation may be vulnerable to failure. Details given here: http://www.experts-exchange.com/Programming/Languages/Regular_Expressions/Q_28411422.html#a39997831
0
 
käµfm³d 👽Commented:
Terry,

I initially thought that too, but on further examination it shouldn't. Because the requirement only says, "at least 8 characters," the pattern holds. If it instead said, "between 8 and 15 characters," for example, then further restriction would be needed.
0
 
Terry WoodsIT GuruCommented:
Ah, yes, good point! :-)
0
 
evilmonkey2148Author Commented:
problem with this expression:
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

is that i need to accept any special character on the keyboard.
0
 
Dan CraciunIT ConsultantCommented:
Considering you use a non-Unicode variant, \W means "anything that is not a letter A to Z, a to z, a number 0 to 9 or an underscore _".

This makes _ to not be allowed as a special character, while it will accept space, tab, carriage returns, bell, etc.  

It's better, IMO to specify exactly what is a "special character". \W is faster to write/read, but that's where its merits stop.

If you want to "accept any special character on the keyboard", you need to list them.
0
 
evilmonkey2148Author Commented:
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9!@#\$%\^&\*\(\)_\+-=\[\]{}\\\|;':",\./<>\?).{8,}

So that should work?
0
 
Dan CraciunIT ConsultantCommented:
Yup.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now