2

Working on a project where it requires me to have a password field using pattern attribute. Not really done a lot of regex stuff and was wondering whether someone could help out.

The requirements for the field are as follows:

  • Can't contain the word "password"
  • Must be 8-12 in length
  • Must have 1 upper case
  • Must have 1 lower case
  • Must have 1 digit

Now, so far I have the following: 

[^(password)].(?=.*[0-9])?=.*[a-zA-Z]).{8,12}

This doesn't work. We can get it so everything else works, apart from the password string being matched.

Thanks in advance, Andy

EDIT: the method we've used now (nested in comments below) is: ^(?!.*(P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)).(?=.*\d)(?=.*[a-zA-Z]).{8,12}$

Thanks for the help

Don Roby
  • 40,677
  • 6
  • 91
  • 113
andyroo
  • 384
  • 2
  • 13
  • I tried all the ones that I could find on stackoverflow and couldn't find one that worked correct for html5 – andyroo Oct 25 '13 at 10:03
  • 1
    Why do your requirements list a maximum of 12 characters? This isn't the 1960s anymore, most hardware/software today can handle longer passwords. http://www.explainxkcd.com/wiki/index.php?title=936:_Password_Strength – Stephan Branczyk Oct 25 '13 at 10:24
  • It's just in the spec for what the company requested, not my business to advice and things like that unfortuneately – andyroo Oct 25 '13 at 12:05

4 Answers4

2

Use a series of anchored look aheads for the :must contain" criteria:

^(?!.*(?i)password)(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,12}$

I've added the "ignore case" switch (?i) to the "password" requirement, so it will reject `the word no matter the case of the letters.

Bohemian
  • 412,405
  • 93
  • 575
  • 722
1

This regex should to the job:

^(?!.*password)(?=.*\d)(?=.*[A-Z])(?=.*[a-z]).{8,12}$

it will match:

^               // from the beginning of the input 
(?!.*password)  // negative lookbehind whether the text contains password
(?=.*\d+)       // positive lookahead for at least one digit
(?=.*[A-Z]+)    // positive lookahead for at least one uppercase letter
(?=.*[a-z]+)    // positive lookahead for at least one lowercase letter
.{8,12}         // length of the input is between 8 and 12 characters
$

Link to phpliveregex

Teneff
  • 30,564
  • 13
  • 72
  • 103
0

Try This:

^(?!.*password)(?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{8,12}$

Explanation

^                         Start anchor
(?=.*[A-Z])               Ensure string has one uppercase letter
(?=.*[0-9])               Ensure string has one digits.
(?=.*[a-z])               Ensure string has one lowercase letter
{8,12}                    Ensure string is of length 8 - 12.
(?!.*password)            Not of word password
$                         End anchor.
Srini V
  • 11,045
  • 14
  • 66
  • 89
  • 2
    your password check expression is pretty messed up: right now it means "must contain a character other than one of `()adoprsw`" – Bohemian Oct 25 '13 at 09:52
0

Try this way

        Public void validation()
        string xxxx = "Aa1qqqqqq";
        if (xxxx.ToUpper().Contains("password") || !(xxxx.Length <= 12 & xxxx.Length >= 8) || !IsMatch(xxxx, "(?=.*[A-Z])") || !IsMatch(xxxx, "(?=.*[a-z])") || !IsMatch(xxxx, "(?=.*[0-9])"))
        {
             throw new System.ArgumentException("Your error message here", "Password");
        }
        }

        public bool IsMatch(string input, string pattern)
        {
          Match xx = Regex.Match(input, pattern);
          return xx.Success;
         }
Ramesh Rajendran
  • 37,412
  • 45
  • 153
  • 234
  • We're using regex in html5 – andyroo Oct 25 '13 at 10:17
  • Same as I also used Regex , See that IsMatch method , My code helps for check your all requirement for password , if all is correct the if condition is return false, other wise that if condition will true, then add the error message there !You can check it ! – Ramesh Rajendran Oct 25 '13 at 10:20