Got more questions? Find advice on: ASP | SQL | XML | Windows
in Search
Welcome to RegexAdvice Sign in | Join | Help
HomeBlogsForumsPhotosDownloads
RegexAdvice » Regular Expressions » Construction Advice » Password Strength !!!

Password Strength !!!

Last post 09-04-2008, 11:07 PM by Ross Lambert. 8 replies.
Sort Posts: Previous Next

  •  09-02-2008, 6:17 AM 45852

    Password Strength !!!

    Reply Quote

    Hello All,

    I am very new to using Regular expression. 

    I wanted to create a regular expression for the following rule for validating the password.

    1. Passwords must be atleast 8 non blank characters in length 

    2. contain  at least 1 capital letters,1 lower case letters, and 1 numeric characters and at least one of the following special characters # ! $ % - _ = + < >

     It will be really very nice of you if you could help me with this...

  •  09-02-2008, 6:38 AM 45854 in reply to 45852

    Re: Password Strength !!!

    Reply Quote
    ^(?=.*?\d)(?=.*?[a-z])(?=.*?[A-Z])(?=.*?[-#!$%_=+<>]).{8,}$

  •  09-02-2008, 6:59 AM 45857 in reply to 45854

    Re: Password Strength !!!

    Reply Quote

    prometheuzz, due to a Microsoft client-side regex engine lookahead bug, that pattern will fail to properly match in JavaScript code etc.  I've found that the workaround seems to be to add the length check to the front as a lookahead instead:

    ^(?=.{8,})(?=.*?\d)(?=.*?[a-z])(?=.*?[A-Z])(?=.*?[-#!$%_=+<>]).*$

    Note that I added the .*$ at the end to simply return the match if necessary, for just string test purposes than can be left off, also the ?'s and the comma after the 8 in the pattern are also optional.

    The bug is discussed here:

    http://blog.stevenlevithan.com/archives/regex-lookahead-bug

  •  09-02-2008, 7:14 AM 45859 in reply to 45857

    Re: Password Strength !!!

    Reply Quote

    Thanks ddrudik, didn't know that!

  •  09-02-2008, 7:26 AM 45860 in reply to 45859

    Re: Password Strength !!!

    Reply Quote
    No worries, Microsoft should have fixed it by now but has failed to for some reason.

  •  09-02-2008, 7:57 AM 45863 in reply to 45860

    Re: Password Strength !!!

    Reply Quote

    Thankx a lot to both of you for helping me out !!!

  •  09-04-2008, 12:47 AM 45929 in reply to 45863

    Re: Password Strength !!!

    Reply Quote

    I have a similar password strength problem: My client would like to be able to require 2 of 3 conditions. That is,

    * one or more alpha character

    * one or more numeric characters

    * one or more special characters (!@#$%^&*.?-_+=~`;:)

    If any 2 of those are true, then the password is sufficiently complex.

    And yes, I'm a regex noob... my eyes still glaze over at expressions > 5 characters. But I'm blown away at how powerful they are.

    Thanks in advance,

    == Ross-a-roni ==

  •  09-04-2008, 1:06 PM 45963 in reply to 45929

    Re: Password Strength !!!

    Reply Quote

    Ross, it's always best to start a new thread rather than reuse someone else's thread, but here's that as I understand your requirements:

    (?:(?=.*([a-zA-Z]))(?=.*(\d))|(?=.*(?1))(?=.*([!@#$%^&*.?_+=~`;:-]))|(?=.*(?2))(?=.*(?3))).*

  •  09-04-2008, 11:07 PM 46004 in reply to 45963

    Re: Password Strength !!!

    Reply Quote

    Wow. My eyes can hardly take it all in. :-)

    Thank you for whipping that up. I'll give it a go and report back.

    == Ross ==
View as RSS news feed in XML
Got more questions? Find advice on: ASP | SQL | XML | Windows | About regexadvice.com | Privacy Policy | ASP.NET Tutorials | Advertise
Copyright ©2005 DevAdvice.com