2

I need to validate a password with these rules:

  1. 7 characters
  2. Must contain at least one letter
  3. Must contain at least one number OR Special Character;

Below regex follows AND operation,

 ^(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{7,}$

Here how to perform OR operation in 3rd rule.

Keenle
  • 12,010
  • 3
  • 37
  • 46
Harish
  • 2,496
  • 4
  • 24
  • 48
  • Most ORing can be done with `( | )` which is called alternation. It the string matches left OR right side, it will pass. That being said, alternation typically makes the regex much longer because it accounts for many cases at the same tim – skamazin Jul 31 '14 at 16:10
  • `{OFF}` I don't understand but why can I not choose a password I really want to? why does everyone forces to use their own password-policy? – holex Jul 31 '14 at 16:10
  • @skamazin : Can you please edit my regex. – Harish Jul 31 '14 at 16:11
  • 1
    Put up some sample passwords and say which are valid and invalid. That'll help a lot – skamazin Jul 31 '14 at 16:12

1 Answers1

3

I think this regex will work:

^(?=.*?[a-z])((?=.*?[0-9])|(?=.*?[#?!@$%^&*-])).{7,}$

But it's hard to tell without some test data

DEMO

skamazin
  • 757
  • 5
  • 12
  • it would be better if you put `[\W]` instead of special characters. – Avinash Raj Jul 31 '14 at 16:20
  • Probably not as that could include characters the OP doesn't want. Note the differences: [\W](http://regex101.com/r/nZ8hY1/1) and [#?!@$%^&*-](http://regex101.com/r/lS5uT1/1) – skamazin Jul 31 '14 at 16:26
  • @skamazin It works... But if the user satisfies this criteria, then he can enter special characters like `;` as well. How can this be prevented? – Jo Smo Aug 20 '14 at 17:46
  • @tastro Use a black list. ie `[^;]{7,}$` instead of `.{7,}$` at the end of the regex – skamazin Aug 20 '14 at 17:52
  • @skamazin thanks. Is it possible to satisfy both criteria? 1. criteria: don't allow anything but `a-zA-Z0-9!#%˙` for example and 2. criteria: there have to be at least one lower-case letter, one upper-case letter, one number and one special character (!, # or %)? If yes... Could you provide an example please? – Jo Smo Aug 20 '14 at 17:56
  • @skamazin Could you please explain what ?=.* does? I know that a? allows an a or no a at all. Just don't know what the question mark (?) does when you put an equals (=) behind it. – Jo Smo Aug 20 '14 at 17:58
  • @skamazin thanks. 1. Is the `?` behind `.*` even necessary? 2. Does g means that multiple matches are returned or that all the sub-patters `sub-pattern is everything inside ()` much be matched? – Jo Smo Aug 20 '14 at 18:08
  • `.*?` makes the matching **[lazy](http://www.regular-expressions.info/repeat.html)**, which may not be necessary in this case, but it's normally good practice. the `g` flag means `global` so that it can return multiple matches instead of stopping after the first. Depending on your implementation of the regex (iterating line-by-line through a file, or reading the entire file as one long string) you may or may not the `g` flag. – skamazin Aug 20 '14 at 18:14
  • 1
    @skamazin thank you for the explanation. I have opened a new question, so that we won't spam the comment section here. http://stackoverflow.com/questions/25411819/regex-regular-expression-for-password-validation – Jo Smo Aug 20 '14 at 18:25