• 0

Password Regular Expression Help


Question

Looking to implement a password policy that states:

1. Must be 14 or more characters

2. Must contain at least TWO (2) upper case letters

3. Must contain at least TWO (2) lower case letters

4. Must contain at least TWO (2) numbers

5. Must contain at least TWO (2) special characters

I thought this would take care of it, but it appears it isn't 100%

(?=^.{14,}$)(?=.*\d{2,})(?=.*\W{2,})(?=.*[A-Z]{2,})(?=.*[a-z]{2,}).*$

This should work right?

This one however is not valid for some reason: Pa$$wordpo12cY

I am using Expresso to validate this, and it is consistent with the ASP.NET validator at the moment.

Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0

That's because your regular expression will only validate cases 2 to 5 when those characters follow each other immediately, because you're using {2,}. In your problematic example, the upper case P and Y don't follow immediately, thus causing the expression to fail.

I wouldn't really know how to deal with this either, my guess is that you're better off looping through all the characters in the password string and keep track of the count of each requirement.

Link to comment
Share on other sites

  • 0

Hmm...so that makes some sense, because I can get it work it I do PA$$wordpo12cy.

Yikes. So is there a way to specify a character occurs twice, but not right after each other?

Link to comment
Share on other sites

  • 0

I'm interested to know how as well. I don't think it's possible with regular expression though. I mean, how would you know if the first 2 characters are upper case or the middle two or the last two? It's way too dynamic. Hopefully someone with regular expression experience can answer this.

Link to comment
Share on other sites

  • 0

OK this working, check it out:

(?=^.{14,}$)(?=^.*\d.*\d.*$)(?=^.*[A-Z].*[A-Z].*$)(?=^.*[a-z].*[a-z].*$)(?=^.*\W.*\W.*$).*$

Link to comment
Share on other sites

  • 0

Yea, that one works. I don't know exactly about the positioning and meaning, but it is saying:

(?=^.{14,}$) - from the beginning of the string, check any characters, at least 14 times

(?=^.*\d.*\d.*$) - beginning of the string, match any character any repititions, a digit, any character any repititions, a digit, and any character any repititions until the end of the string.

(?=^.*[A-Z].*[A-Z].*$) - beginning of the string, match any character any repititions, a character in this class of characters [A-Z], any character any repititions, a character in this class of characters [A-Z], , and any character any repititions until the end of the string.

(?=^.*[a-z].*[a-z].*$) - beginning of the string, match any character any repititions, a character in this class of characters [A-z], any character any repititions, a character in this class of characters [A-z], and any character any repititions until the end of the string.

(?=^.*\W.*\W.*$).*$ - beginning of the string, match any character any repititions, a non-alphanumeric, any character any repititions, a non-alphanumeric, and any character any repititions until the end of the string.

Go get the free regular expression editor, called Expresso, and try it out.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.