1

I am trying to replace our password validation with a simple RegEx in my ASP.NET project, which uses a RegularExpressionValidator.

Here are the password restrictions:

  1. Password should be of minimum 6 chars in length and maximum 15
  2. It should have at least one letter (any case)
  3. It should have at least one digit
  4. It should have at least one special character.

I am a n00b at regex and this is the only type of question where I ask for spoon feeding ;)

I tried the regex below, but it fails in a few cases.

string re1="([a-z])";   // A single letter (captured; any case via RegexOptions.IgnoreCase)
string re2=".*?";       // Non-greedy match on filler
string re3=".";         // Any single character
string re4=".*?";       // Non-greedy match on filler
string re5=".";         // Any single character
string re6=".*?";       // Non-greedy match on filler
string re7="(.)";       // Any single character (captured)
string re8="(\\d)";     // A single digit (captured)

Regex r = new Regex(re1+re2+re3+re4+re5+re6+re7+re8,RegexOptions.IgnoreCase|RegexOptions.Singleline);
Match m = r.Match(txt);
Neel Bhasin
NoobDeveloper
  • Here you go: http://goo.gl/cWa5m5 – Simon Whitehead Jan 07 '14 at 03:47
  • Duplicate of many similar questions... Still, that does not make it any better an idea - a long, easy-to-remember password is better than one that matches some strict rules. I.e. "aaaa1!" compared to "Nexus should not be restricting my password" - I'd bet most of the tools will pick the first one quickly, while the latter one is not so trivial... – Alexei Levenkov Jan 07 '14 at 03:56
  • https://xkcd.com/936/ – Digital Trauma Jan 07 '14 at 05:34

2 Answers

2

Use a pattern like this:

^(?=.*[a-z])(?=.*[0-9])(?=.*[...]).{6,15}$

Where you can replace the [...] with whatever characters you want to accept as 'special characters'.

To break this down a bit:

  • The start (^) and end ($) anchors ensure there are no leading or trailing characters in the input. This is necessary to ensure the maximum length is enforced.
  • The .{6,15} bit matches 6 to 15 of any character.
  • The (?=...) is a lookahead. It ensures that the position being matched is followed by whatever pattern appears inside.

    • The .*[a-z] means any number of characters followed by a single Latin letter.
    • Similarly, .*[0-9] matches any number of characters followed by a decimal digit, and .*[...] matches any number of characters followed by one of your 'special characters'.
  • So collectively, the chain of (?=.*[a-z])(?=.*[0-9])(?=.*[...]) means that all three of these patterns must be present within the following string, in any order.

p.s.w.g
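
The pattern from the answer above with a concrete special-character class, run in C# over constructed sample passwords, one per rule. This is an added example, not code from the answer; the special-character set, the class and field names, and the `\z` variant are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class PasswordPolicyDemo
{
    // Assumption: the page leaves [...] open; this set is chosen for illustration.
    // '-' is placed last inside the class so it is a literal, not a range.
    const string SpecialClass = @"[!@#$%&*()_+=?.,;:-]";

    // [a-zA-Z] covers "any case" without relying on RegexOptions.IgnoreCase.
    const string Lookaheads = @"(?=.*[a-zA-Z])(?=.*[0-9])(?=.*" + SpecialClass + ")";

    // Pattern shape from the answer: anchors, three lookaheads, then the length check.
    static readonly Regex WithDollar = new Regex("^" + Lookaheads + ".{6,15}$");

    // Same rules, but \z matches only at the very end of the input.
    // In .NET, $ also matches just before a final '\n'.
    static readonly Regex WithEndAnchor = new Regex(@"\A" + Lookaheads + @".{6,15}\z");

    static void Main()
    {
        // Constructed sample inputs, one per rule.
        var samples = new (string Input, string Note)[]
        {
            ("abc12!",           "meets all four rules"),
            ("ABC12!",           "upper-case letters only"),
            ("ab1!",             "too short"),
            ("abcdefghij12345!", "16 characters, too long"),
            ("123456!",          "no letter"),
            ("abcdef!",          "no digit"),
            ("abc123",           "no special character"),
            ("abc12!\n",         "valid password plus trailing newline"),
        };

        foreach (var (input, note) in samples)
        {
            Console.WriteLine("{0,-20} $: {1,-5} \\z: {2,-5} ({3})",
                input.Replace("\n", "\\n"),
                WithDollar.IsMatch(input),
                WithEndAnchor.IsMatch(input),
                note);
        }
    }
}
```

The last sample is the only one on which the two variants disagree, because `.` does not match `\n` while `$` still matches in front of it.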
0

I'm new to this also and I found a post on validating filenames that should work the same.

if(preg_match('/^[a-z0-9-_]+$/',$file_name)) 
{
   echo 'good filename';
}   
else
{
   echo ' The file name can only contain "a-z", "0-9", "_", and "-"';
}

This checks to see if it contains certain characters which you can use to detect numbers and letters in a password. Also, if I were you I would also compare the password against a list of common passwords such as "password" "password123" etc.

Neel Bhasin
mberna