jQuery Password Strength Regex, with potential itemized feedback messages

Question

I'm looking to get a Regex for the following password strength requirements:

Minimum 8 characters
At least one upper case character
At least one number (0-9)
At least one special character (!,@,#,$,%,^,&,*,?,_,~,-,(,))

I need this to be able to be evaluated using the jquery.validate.password.js plugin.

Also, is it possible to provide the user feedback based on which of the criteria they're missing? For example, if the user is missing an upper case character, can I spit back a message that tells them? They provide an example showcasing how to pass in different validation messages:

var originalPasswordRating = $.validator.passwordRating;
$.validator.passwordRating = function(password, username) {
    if (password.length < 100) {
        return { rate: 0, messageKey: "too-short" };
    }
};

$.validator.passwordRating.messages = $.extend(originalPasswordRating.messages, {
    "too-short": "Your password must be longer than 100 chars"
});

I wish sites stop forcing random password policies on their users. — Qtax, Jun 18 '12 at 15:57
Is there a standard minimum requirement that you can recommend I adhere to? — Adam Levitt, Jun 18 '12 at 15:58
[There](http://stackoverflow.com/questions/774569/regex-that-validates-active-directory-default-password-complexity?rq=1) are [lots](http://stackoverflow.com/questions/5142103/need-regex-for-password-strength?rq=1) of [questions](http://stackoverflow.com/questions/3387785/password-validation-regular-expression?rq=1) like [this](http://stackoverflow.com/questions/4116147/password-validation-regex?rq=1). — David B, Jun 18 '12 at 16:02
If a user wants a very simple password then maybe he doesn't much care about this account (and could pick a crappy password no matter how many restrictions you try to make). Best way (imo) is just to inform the user of the weakness of the password (and how easy someone can break it). — Qtax, Jun 18 '12 at 16:10

score 4 · Answer 1 · answered Jun 18 '12 at 16:24

Sounds like you want to run a series of regexes and store the results individually. Individually they're trivial. In JavaScript:

var password = "P@ssw0rd";
var validLength = /.{8}/.test(password);
var hasCaps = /[A-Z]/.test(password);
var hasNums = /\d/.test(password);
var hasSpecials = /[~!,@#%&_\$\^\*\?\-]/.test(password);

var isValid = validLength && hasCaps && hasNums && hasSpecials;

http://jsfiddle.net/RichardTowers/cAuTf/

Note that even with the rules people can choose very weak passwords.

score 1 · Accepted Answer · answered Jun 18 '12 at 16:17

I've never used that plugin, but i believe something like this should work for you:

var originalPasswordRating = $.validator.passwordRating;
var upperCaseRegex = /[A-Z]+/;
var numberRegex = /[0-9]+/
var specialCharRegex = /[\!\@\#\$\%\^\&\*\?\_\~\-\(\)]+/;
$.validator.passwordRating = function(password, username) {
    if (password.length < 8) {
        return { rate: 0, messageKey: "too-short" };
    } else if(!password.match(upperCaseRegex)) {
        return { rate: 0, messageKey: "no-upper" };
    } else if(!password.match(numberRegex)) {
        return { rate: 0, messageKey: "no-number" };
    } else if(!password.match(specialCharRegex)) {
        return { rate: 0, messageKey: "no-special" };
    }

};

disclaimer: i haven't tested any of this code, but i believe this should point you in the right direction.

You will need to create corresponding messages with the "messageKeys" that I've created in my example...

score 0 · Answer 3 · answered Dec 29 '21 at 10:44

Try this..

function validatePass(pswd) {

var validLength = /.{8,}/.test(pswd);
var hasCaps = /[A-Z]/.test(pswd);
var hasLower = /[a-z]/.test(pswd);
var hasNums = /\d/.test(pswd);
var hasSpecials = /[~!,@#%&_\$\^\*\?\-]/.test(pswd);

if (validLength){                   // VALIDO LA LONGITUD 8 O MÁS
    if (hasCaps){                   // VALIDO SI HAY MAYÚSCULAS
        if (hasLower){              // VALIDO SI HAY MINÚSCULAS
            if (hasNums){           // VALIDO SI HAY NÚMEROS
                if (hasSpecials){   // VALIDO SI HAY CARACTERES ESPECIALES
                    return 0;
                } else return 5;    // NO HAY CARACTERES ESPECIALES
            } else return 4;        // NO HAY NÚMEROS
        } else return 3;            // NO HAY MINÚSCULAS
    } else return 2;                // NO HAY MAYÚSCULAS
  } else return 1;                  // LA LONGITUD ES INFERIOR A 8
}

Check password like this..

 var valid_str = validatePass(renew_pass);
    
 if (valid_str == 1){
      alert("Mínimo 8 caracteres");
                
 } else if (valid_str == 2){ // NO HAS UPPERCASE 
      alert("NO HAS UPPERCASE");
    
 } else if (valid_str == 3){ // NO HAS LOWERCASE 
      alert("NO HAS LOWERCASE");
        
 } else if (valid_str == 4){ // NO HAS NUMS
      alert("NO HAS NUMS");
        
 } else if (valid_str == 5) { // NO HAS SPECIAL CHARACTERS
      alert("NO HAS SPECIAL CHARACTERS");
    
 }

jQuery Password Strength Regex, with potential itemized feedback messages

3 Answers3