+chorpeac MVC Posted April 24, 2009 MVC Share Posted April 24, 2009 Looking to implement a password policy that states: 1. Must be 14 or more characters 2. Must contain at least TWO (2) upper case letters 3. Must contain at least TWO (2) lower case letters 4. Must contain at least TWO (2) numbers 5. Must contain at least TWO (2) special characters I thought this would take care of it, but it appears it isn't 100% (?=^.{14,}$)(?=.*\d{2,})(?=.*\W{2,})(?=.*[A-Z]{2,})(?=.*[a-z]{2,}).*$ This should work right? This one however is not valid for some reason: Pa$$wordpo12cY I am using Expresso to validate this, and it is consistent with the ASP.NET validator at the moment. Link to comment Share on other sites More sharing options...
0 Calculator Posted April 24, 2009 Share Posted April 24, 2009 That's because your regular expression will only validate cases 2 to 5 when those characters follow each other immediately, because you're using {2,}. In your problematic example, the upper case P and Y don't follow immediately, thus causing the expression to fail. I wouldn't really know how to deal with this either, my guess is that you're better off looping through all the characters in the password string and keep track of the count of each requirement. Link to comment Share on other sites More sharing options...
0 +chorpeac MVC Posted April 24, 2009 Author MVC Share Posted April 24, 2009 Hmm...so that makes some sense, because I can get it work it I do PA$$wordpo12cy. Yikes. So is there a way to specify a character occurs twice, but not right after each other? Link to comment Share on other sites More sharing options...
0 Bazenga Posted April 24, 2009 Share Posted April 24, 2009 I'm interested to know how as well. I don't think it's possible with regular expression though. I mean, how would you know if the first 2 characters are upper case or the middle two or the last two? It's way too dynamic. Hopefully someone with regular expression experience can answer this. Link to comment Share on other sites More sharing options...
0 +chorpeac MVC Posted April 24, 2009 Author MVC Share Posted April 24, 2009 OK this working, check it out: (?=^.{14,}$)(?=^.*\d.*\d.*$)(?=^.*[A-Z].*[A-Z].*$)(?=^.*[a-z].*[a-z].*$)(?=^.*\W.*\W.*$).*$ Link to comment Share on other sites More sharing options...
0 Bazenga Posted April 24, 2009 Share Posted April 24, 2009 will this work for: pa$wordpo12C$Y ? Could you explain the expression please =) ? Link to comment Share on other sites More sharing options...
0 +chorpeac MVC Posted April 24, 2009 Author MVC Share Posted April 24, 2009 Yea, that one works. I don't know exactly about the positioning and meaning, but it is saying: (?=^.{14,}$) - from the beginning of the string, check any characters, at least 14 times (?=^.*\d.*\d.*$) - beginning of the string, match any character any repititions, a digit, any character any repititions, a digit, and any character any repititions until the end of the string. (?=^.*[A-Z].*[A-Z].*$) - beginning of the string, match any character any repititions, a character in this class of characters [A-Z], any character any repititions, a character in this class of characters [A-Z], , and any character any repititions until the end of the string. (?=^.*[a-z].*[a-z].*$) - beginning of the string, match any character any repititions, a character in this class of characters [A-z], any character any repititions, a character in this class of characters [A-z], and any character any repititions until the end of the string. (?=^.*\W.*\W.*$).*$ - beginning of the string, match any character any repititions, a non-alphanumeric, any character any repititions, a non-alphanumeric, and any character any repititions until the end of the string. Go get the free regular expression editor, called Expresso, and try it out. Link to comment Share on other sites More sharing options...
0 Bazenga Posted April 24, 2009 Share Posted April 24, 2009 All right thanks for the explanation, I will get that editor. I should rap my head around regular expressions, I suck big time. Link to comment Share on other sites More sharing options...
Question
+chorpeac MVC
Looking to implement a password policy that states:
1. Must be 14 or more characters
2. Must contain at least TWO (2) upper case letters
3. Must contain at least TWO (2) lower case letters
4. Must contain at least TWO (2) numbers
5. Must contain at least TWO (2) special characters
I thought this would take care of it, but it appears it isn't 100%
(?=^.{14,}$)(?=.*\d{2,})(?=.*\W{2,})(?=.*[A-Z]{2,})(?=.*[a-z]{2,}).*$
This should work right?
This one however is not valid for some reason: Pa$$wordpo12cY
I am using Expresso to validate this, and it is consistent with the ASP.NET validator at the moment.
Link to comment
Share on other sites
7 answers to this question
Recommended Posts