Regular expression for password verification

Question

I have been handed a task of putting together a login screen. I found something workable online but I'm having a problem writing the regular expression to validate the password. The following policy should be enforced -- the password should be exactly 14 characters long and should include:

At least 2 upper case letters,
at least 2 lower case letters,
at least 2 numbers, and
at least 2 'special' characters

I have no idea how to write this. Can anybody help?

What language? I assume one will be client side JavaScript, but you're going to have to do this check on the server side as well. — Jay, Nov 08 '13 at 19:50
The following link should point you in the right direction ... http://stackoverflow.com/questions/2370015/regular-expression-for-password-validation — Seymour, Nov 08 '13 at 19:53
You don't use *a* regular expression, you use *some* regular expressions. That way each one is easy to understand and makes the code concise and descriptive. — zzzzBov, Nov 08 '13 at 19:53
Please learn regular expressions - they are very simple and very useful. I could provide it but next time around will you be any the wiser? Why not read a tutorial on them and have a bash? — Ed Heal, Nov 08 '13 at 19:57
@Mr_Thomas this doesn't make sense at all. Why would you restrict passwords to 14 characters ? I hope you aren't using some old hashing function ? [Fun reading](http://security.stackexchange.com/a/33471) — HamZa, Nov 08 '13 at 20:13

score 2 · Accepted Answer · answered Nov 08 '13 at 19:57

2

Assuming by "special characters" you mean anything that isn't a letter or number:

^(?=.*[a-z].*[a-z])(?=.*[A-Z].*[A-Z])(?=.*[0-9].*[0-9])(?=.*[^A-Za-z0-9].*[^A-Za-z0-9]).{14}$

answered Nov 08 '13 at 19:57

pobrelkey

5,853
20
29

I've never thought to use multiple `(?=)`'s in a regular expression before... This is a great answer and does something I thought impossible with a single regular expression. – Jay Nov 08 '13 at 20:03

Regular expression for password verification

1 Answers1