-2

I have the following password requirements I'm trying to express in a regex expression and I'm struggling. Any help appreciated!

Passwords must contain characters from 3 of the following 4 types:

  1. upper case letters
  2. lower case letters
  3. numerals
  4. special characters

I've found some similar examples and if my knowledge of regex was stronger I could figure it out but I haven't found one that has the "3 of 4" requirement.

Edit:

Ok here is what I'm using for now, I'm currently testing it. Does this look right?

passwordStrengthRegularExpression="(?=^[^\s]{8,}$)((?=.?\d)(?=.?[A-Z])(?=.?[a-z])|(?=.?\d)(?=(.\W){1,})(?=.?[a-z])|(?=(.\W){1,})(?=.?[A-Z])(?=.?[a-z])|(?=.?\d)(?=.?[A-Z])(?=(.\W){1,}))^.*"

user3298634
  • 1
    Saying you're struggling and not showing what you tried makes people think you didn't. Also they have no idea what you already know and don't want to give you a full introductory course. – Karl Sep 09 '15 at 19:09
  • https://xkcd.com/936/ – Sam Sep 09 '15 at 19:14
  • I'm a beginner at regex and by struggling I just meant it's difficult and I haven't found anyone that had the exact same problem. So in the meantime I'm reading some tutorials but it may take a while and I don't have a lot of time to complete this so that's why I'm here. – user3298634 Sep 09 '15 at 19:19
  • Also I looked at http://stackoverflow.com/questions/5142103/regex-for-password-strength but it doesn't have the "only 3 of 4" requirement. I'm assuming you can do an or clause and I'm using the logic in the link as an example but it's pretty much all Greek to me for now. – user3298634 Sep 09 '15 at 19:20
  • What are you expecting from us? If you don't post your attempt, we can't help you learn from your mistakes. We're not going to do the whole thing for you. – Barmar Sep 09 '15 at 19:34
  • 1
    `Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.` It might be better to forgo a solution dependent on regular expressions and go with something more readable and maintainable. Consider if you ever need to modify the rules later to include things like length, character repetition, and non-dictionary words. – Mr. Llama Sep 09 '15 at 19:35
  • I'm a big proponent of regex, but in a case like this, even I agree with @Mr.Llama. The *3 of 4* requirement, while technically feasible in regex, would be exceptionally unwieldy. At most, I would recommend using regex to validate each of the rules individually, and then handle the *3 of 4* logic in your code. – Steven Doggart Sep 09 '15 at 19:52
  • All right I'm going to read these tutorials and see if I can modify some of the examples online. – user3298634 Sep 09 '15 at 19:55
  • The reason I am forced to use regex for now is I'm working on creating a custom asp.net membership provider for Sitecore. I could put whatever logic I want in there but that will take a while and my glorious leaders decided they want a pilot they can stand up right now. So I decided using "PasswordStrengthRegularExpression" in the web.config would be the quickest way to do that. – user3298634 Sep 09 '15 at 19:59
  • I'd suggest checking out this previous question as it should be close to what you need: http://stackoverflow.com/questions/5142103/regex-for-password-strength – NumericOverflow Sep 09 '15 at 20:32

1 Answer

1

Analogous to https://stackoverflow.com/a/5142164/2606322 I would do the following for all 4 requirements

^(?=.*[A-Z])(?=.*[!@#$&*])(?=.*[0-9])(?=.*[a-z]).{8}$

and then add the other 4 (3 of 4) possibilities or-ed together like

^(
((?=.*[A-Z])(?=.*[!@#$&*])(?=.*[0-9])(?=.*[a-z]).{8})|
((?=.*[!@#$&*])(?=.*[0-9])(?=.*[a-z]).{8})|
((?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{8})|
((?=.*[A-Z])(?=.*[!@#$&*])(?=.*[a-z]).{8})|
((?=.*[A-Z])(?=.*[!@#$&*])(?=.*[0-9]).{8})
)$

just in one line. Ugly but might work. And, of course, replace the !@#$&* with the set of your liking.

Community
azt
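
The approach suggested in the comments (test each character class on its own and apply the "3 of 4" rule in code), next to a generated single-pattern equivalent of the kind a setting like passwordStrengthRegularExpression needs. This is an added example, not code from the question or the answer, and it is written in Python rather than .NET. The 8-character minimum and the no-whitespace rule are taken from the asker's attempt; treating every character that is not an ASCII letter, digit or whitespace as "special" is an assumption.

```python
import re
from itertools import combinations

# The four character types from the question. The "special" definition is an
# assumption: the page never says which characters count as special.
CLASSES = {
    "upper": r"[A-Z]",
    "lower": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9\s]",
}
MIN_LENGTH = 8  # assumption, taken from the {8,} in the asker's attempt


def classes_present(password):
    """Return the names of the classes that occur at least once."""
    return {name for name, pat in CLASSES.items() if re.search(pat, password)}


def meets_policy(password, required=3):
    """Readable check: long enough, no whitespace, >= `required` classes."""
    if len(password) < MIN_LENGTH or re.search(r"\s", password):
        return False
    return len(classes_present(password)) >= required


def build_pattern(required=3):
    """Generate the single-regex form: one lookahead group per combination."""
    alternatives = [
        "".join(f"(?=.*{CLASSES[name]})" for name in combo)
        for combo in combinations(CLASSES, required)
    ]
    # The alternation is grouped so ^ and the length check apply to every
    # branch, and there is no empty branch that would accept any input.
    return "^(?:" + "|".join(alternatives) + r")\S{" + str(MIN_LENGTH) + ",}$"


PATTERN = re.compile(build_pattern())

# Constructed sample passwords, not taken from the page.
SAMPLES = ["Passw0rdX", "passw0rd!", "PASSWORD1!", "Password!", "password1",
           "Pw0!", "Pass w0rd!", ""]

if __name__ == "__main__":
    print(build_pattern())
    for pw in SAMPLES:
        print(f"{pw!r:14} code={meets_policy(pw)} "
              f"regex={bool(PATTERN.fullmatch(pw))}")
```

Running both checks over the same samples is a cheap regression test whenever the rules change: the generated pattern and the readable function must agree on every input.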