Solved

RegEx Password Validation

Posted on 2014-04-11
10
329 Views
Last Modified: 2014-04-14
I am looking for help building a regular expression for testing password complexity. The password requirements are:
 - one upper case
 - one lower case
 - one special character or number
 - at least 8 characters
0
Comment
Question by:evilmonkey2148
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 39994939
What text editor, programming language, or other miscellaneous utility are you using for password validation?
0
 
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 39994941
(?=.*[A-Z])(?=.*[a-z])(?=.*\W).{8}
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39994966
Since \W means spaces too, I would use
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 39997842
Without start and end of string placeholders, this validation may be vulnerable to failure. Details given here: http://www.experts-exchange.com/Programming/Languages/Regular_Expressions/Q_28411422.html#a39997831
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 39997881
Terry,

I initially thought that too, but on further examination it shouldn't. Because the requirement only says, "at least 8 characters," the pattern holds. If it instead said, "between 8 and 15 characters," for example, then further restriction would be needed.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 35

Expert Comment

by:Terry Woods
ID: 39997936
Ah, yes, good point! :-)
0
 

Author Comment

by:evilmonkey2148
ID: 39998986
problem with this expression:
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9~!@#$%^&*]).{8,}

is that i need to accept any special character on the keyboard.
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39999027
Considering you use a non-Unicode variant, \W means "anything that is not a letter A to Z, a to z, a number 0 to 9 or an underscore _".

This makes _ to not be allowed as a special character, while it will accept space, tab, carriage returns, bell, etc.  

It's better, IMO to specify exactly what is a "special character". \W is faster to write/read, but that's where its merits stop.

If you want to "accept any special character on the keyboard", you need to list them.
0
 

Author Comment

by:evilmonkey2148
ID: 39999053
(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9!@#\$%\^&\*\(\)_\+-=\[\]{}\\\|;':",\./<>\?).{8,}

So that should work?
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39999069
Yup.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I have been reconstructing a PHP-based application that has grown into a full blown interface system over the last ten years by a developer that has now gone into business for himself building websites. I am not incredibly fond of writing PHP code o…
Whatever be the reason, if you are working on web development side,  you will need day-today validation codes like email validation, date validation , IP address validation, phone validation on any of the edit page or say at the time of registration…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now