Regex for validating password requirements

I need some regex help. I am currently using the following regex "^(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z])(?=.*[^a-zA-Z])\S{8,20}$" (without the quotes) to validate a password that would require an upper, lower and non-alpha character. I need regex to meet the following criteria:

The password contains characters from three of the following categories:

Uppercase letters
Lowercase letters
Base 10 digits (0 through 9)
Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting.
Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
Jacob LepleyBusiness Systems Programming AnalystAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Terry WoodsIT GuruCommented:
I'm not sure about the part of the pattern for the unicode characters. I've added a placeholder to the pattern for that part.

I've assumed you still want from 8 to 20 non-space characters.

The components of the pattern are as follows:

Uppercase letters:
(?=.*[A-Z])

Open in new window


Lowercase letters:
(?=.*[a-z])

Open in new window


Base 10 digits (0 through 9):
(?=.*\d)

Open in new window


Non-alphanumeric characters (special characters): (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting. :
(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])

Open in new window

(note that I've put the characters that need escaping at the start of the character set, to help make it clear what's been escaped)

Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages. :
(?=.*[unicode])

Open in new window

(placeholder... someone else might be able to help with this)

These patterns would be better tested individually, rather than in a single regular expression pattern. However, if you must have a single pattern, then it would be structured like this to cover all the possible combinations:

^(
(p1)(p2)(p3)|
(p1)(p2)(p4)|
(p1)(p2)(p5)|
(p1)(p3)(p4)|
(p1)(p3)(p5)|
(p1)(p4)(p5)|
(p2)(p3)(p4)|
(p2)(p3)(p5)|
(p2)(p4)(p5)|
(p3)(p4)(p5)
)\S{8,20}$

Open in new window


This gives the following pattern:

^(
(?=.*[A-Z])(?=.*[a-z])(?=.*\d)|
(?=.*[A-Z])(?=.*[a-z])(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])|
(?=.*[A-Z])(?=.*[a-z])(?=.*[unicode])|
(?=.*[A-Z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])|
(?=.*[A-Z])(?=.*\d)(?=.*[unicode])|
(?=.*[A-Z])(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])(?=.*[unicode])|
(?=.*[a-z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])|
(?=.*[a-z])(?=.*\d)(?=.*[unicode])|
(?=.*[a-z])(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])(?=.*[unicode])|
(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])(?=.*[unicode])
)\S{8,20}$

Open in new window


I've added linebreaks to the pattern for clarity. You need to remove those in the actual implementation.

Also, depending on the language, you may need to add additional escaping of characters such as backslashes, dollar signs, and single or double quotes
0
Jacob LepleyBusiness Systems Programming AnalystAuthor Commented:
Thanks Terry!
So if I wanted to test without the unicode it would look something like this?

^((?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])(?=.*[A-Z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])(?=.*[a-z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/]))\S{8,20}$
0
Terry WoodsIT GuruCommented:
I think you've missed the alternation character, which is a pipe character. It works like this:
matchThis|orThisInstead|orThis

Open in new window


If I assume your pattern is otherwise correct, that would mean your pattern would be:
^((?=.*[A-Z])(?=.*[a-z])(?=.*\d)|(?=.*[A-Z])(?=.*[a-z])(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])|(?=.*[A-Z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/])|(?=.*[a-z])(?=.*\d)(?=.*[\"\^\-\]\\~!@#$%&*_+=`|(){}[:;'<>,.?/]))\S{8,20}$ 

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jacob LepleyBusiness Systems Programming AnalystAuthor Commented:
Apologies I had a baby and been off for a couple weeks. The solutions helped. Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Regular Expressions

From novice to tech pro — start learning today.