-1

Criteria

  1. Password length >=8 and <=15
  2. One digit(0-9), One alphabet(A-Z or a-z), One special character (@#$*!)

I tried this 

((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{8,15})

but this checks for both one lower case and upper case , but I need either one.

ad absurdum
  • 19,498
  • 5
  • 37
  • 60
Gopi
  • 5,656
  • 22
  • 80
  • 146
  • 2
    what about `((?=.*\d)(?=.*[a-zA-Z])(?=.*[@#$%]).{8,15})` then? – Cristian Lupascu May 05 '15 at 08:36
  • 8
    @xanatos If a question that clearly shows effort triggers a comment like this, then perhaps this site isn't for you. – Filburt May 05 '15 at 08:41
  • 3
    @Filburt There are two possibilities: he built that regex by hand, so he clearly is quite experienced and knows how to change it, or he simply found it somewhere. Clearly the first one is impossible, and the second one doesn't show much effort. In this case in particular, the solution is "remove the clearly marked [A-Z] pattern and merge it with the [a-z] pattern". Even without knowing regexes, by looking at it for five minutes one person a little versed in programming can see it. – xanatos May 05 '15 at 08:43
  • 2
    @xanatos why should someone who may have little experience using regex, start from scratch? – Andrei V May 05 '15 at 08:45
  • 3
    @xanatos Less scorn and a take form the lighter side like dcastro's answer would be more to level. If you'd pummel every copy-n-paste noob question you'd have far worse to start with. I'd rather question if this hasn't been answered before and thus lacks on-site research. **tldr**: *"You're too dumb for technology X"* is to harsh imho. – Filburt May 05 '15 at 08:59
  • 1
    Complex password rules will usually not lead to more safe passwords, important is only a minimum length. People cannot remember tons of strong passwords, and such rules can interfere with good password schemes. People can get very inventive to bypass such rules, e.g. by using weak passwords like "Password*2015". Often you end up with weaker passwords instead of stronger ones. – martinstoeckli May 05 '15 at 11:36
  • @ctwheels -- [that is a good link to reference](https://stackoverflow.com/questions/48345922/reference-password-validation) from the comments, but I don't think that is a dupe. OP specifies at least one lower-case _or_ one upper-case letter, but the regex at the link matches at least one lower-case _and_ one upper-case letter. Since the question seems to be about how to do this with a regex, not about the best way to validate passwords, this does not seem like a dupe. – ad absurdum Feb 09 '18 at 01:52
  • @DavidBowling I agree with your reasoning, but I’m basing question duplication off the title and general topic of the question. Basically, if a new user was to google or search StackOverflow for password validation methods, this might appear. If the question’s title was more clear about the password validation only containing uppercase *or* lowercase I’d completely agree with you. – ctwheels Feb 09 '18 at 11:54
  • @ctwheels -- the point is, the proposed duplicate doesn't actually answer the OP question (which is clearly, if somewhat tersely, stated in the question body), hence not a duplicate. Maybe the question title (which isn't even a question) should be edited instead. – ad absurdum Feb 09 '18 at 14:19

3 Answers3

14

As the saying goes: "I had a problem, so I thought of using a regex. Now I have two problems".

There's nothing wrong with a good ol' method.

public bool IsPasswordValid(string password)
{
    return password.Length >= 8 &&
           password.Length <= 15 &&
           password.Any(char.IsDigit) &&
           password.Any(char.IsLetter) &&
           (password.Any(char.IsSymbol) || password.Any(char.IsPunctuation)) ;
}
dcastro
  • 66,540
  • 21
  • 145
  • 155
  • 1
    And.. [Discussion about the quote](http://programmers.stackexchange.com/questions/223634/what-is-meant-by-now-you-have-two-problems) – Sriram Sakthivel May 05 '15 at 08:44
  • 1
    Note that instead of IsSymbol, you can use a char array where you put just the characters you want to allow. ie char[] allowedChars = { '@','#','$','*','!'}; password.Any(allowedChars.Contains) – irreal May 05 '15 at 08:44
  • 1
    "Some people, when confronted with a problem, think 'I know, I'll use regular expressions.' Now they have two problems." - Jamie Zawinski – fubo May 05 '15 at 08:47
  • 1
    Technically the `\d` would be `IsNumber` :-) And `IsLetter` includes letters outside `A-Za-z`, so you restricted what is a digit and enlarged what is a letter. – xanatos May 05 '15 at 08:48
  • @SriramSakthivel I especially liked this part "The key to maintaining software is writing maintainable code. Using regular expressions can be counter to that goal.". This is the exact reason why I *usually* stay away from complex regexs - even I write it correctly and prove its correctness with unit tests, will tomorrow's developer be able to maintain it? – dcastro May 05 '15 at 08:48
  • @xanatos good catch. That begs another question - is there a good reason with the OP wouldn't want letters outside the A-Za-z range? See: [Why do websites restrict the number & choice of characters in a password?](http://programmers.stackexchange.com/a/15355/101308) – dcastro May 05 '15 at 08:54
  • This is an awesome answer, if not just for the quote! – TheGeneral Feb 08 '18 at 22:43
0

Here is a RegEx that includes all allowed special symbols, according to this:

((?=.*\d)(?=.*[a-zA-Z])(?=.*[@!-'()\+--\/:\?\[-`{}~]).{8,15})
somebody
  • 478
  • 10
  • 17
0

Just remove the A-Z matching group and declare the Regex with RegexOptions.IgnoreCase to ignore case (i.e. so that it doesn't matter if the letters supplied are upper case, lower case, or both; the a-z group will still match them):

new Regex(@"((?=.*\d)(?=.*[a-z])(?=.*[@#$%]).{8,15})", RegexOptions.IgnoreCase)
Stephen Kennedy
  • 20,585
  • 22
  • 95
  • 108