Regex for Password Validation

Question

I am looking for a regular expression to validate passwords on following:

Passwords must be minimum 7 characters, maximum 50 characters
Passwords must contain characters from at least three of the following four categories:
1. English uppercase alphabet characters (A–Z)
2. English lowercase alphabet characters (a–z)
3. Base 10 digits (0–9)
4. Non-alphanumeric characters (for example, !$#,%)

My try on this is as follows:

^.*(?=.{7,50})(?=.*\d)(?=.*[A-Z]).*$

This doesn't check special characters, and I am not getting how to make it that passwords must contain characters from at least three of the following four categories.

Can anyone help to suggest a regular expression to validate this password policy?

Is there some reason this needs to be a regex? Each of your constraints could be implemented with builtin functions, or at most, a few lines of trivial code, which would be much more understandable and maintainable than a regex solution. — Jim Lewis, Jun 08 '16 at 23:54

Ro Yo Mi · Accepted Answer · 2016-06-09T20:57:53.767

Description

^(?:(?=.*?[A-Z])(?:(?=.*?[0-9])(?=.*?[-!@#$%^&*()_[\]{},.<>+=])|(?=.*?[a-z])(?:(?=.*?[0-9])|(?=.*?[-!@#$%^&*()_[\]{},.<>+=])))|(?=.*?[a-z])(?=.*?[0-9])(?=.*?[-!@#$%^&*()_[\]{},.<>+=]))[A-Za-z0-9!@#$%^&*()_[\]{},.<>+=-]{7,50}$

Regular expression visualization

To see the image better, you can right click the image and select view in new window.

This regex will do the following

Require the string to be 7 - 50 characters long
Allow the string to be contain A-Z, a-z, 0-9, and !@#$%^&*()_[\]{},.<>+=- characters
Require at least one character from any three of the following cases
1. English uppercase alphabet characters A–Z
2. English lowercase alphabet characters a–z
3. Base 10 digits 0–9
4. Non-alphanumeric characters !@#$%^&*()_[]{},.<>+=-

Example

Live Demo

https://regex101.com/r/jR9cC7/1

Sample Text

         1         2         3         4         5        6
12345678901234567890123456789012345678901234567890124567890
aaaaAAAA1111
aaaaBBBBBBB
AAAAaaaa__
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!A
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!A
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!AA

Allowed Strings

aaaaAAAA1111
AAAAaaaa__
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!A

Explanation

NODE                     EXPLANATION
----------------------------------------------------------------------
  ^                        the beginning of a "line"
----------------------------------------------------------------------
  (?:                      group, but do not capture:
----------------------------------------------------------------------
    (?=                      look ahead to see if there is:
----------------------------------------------------------------------
      .*?                      any character except \n (0 or more
                               times (matching the least amount
                               possible))
----------------------------------------------------------------------
      [A-Z]                    any character of: 'A' to 'Z'
----------------------------------------------------------------------
    )                        end of look-ahead
----------------------------------------------------------------------
    (?:                      group, but do not capture:
----------------------------------------------------------------------
      (?=                      look ahead to see if there is:
----------------------------------------------------------------------
        .*?                      any character except \n (0 or more
                                 times (matching the least amount
                                 possible))
----------------------------------------------------------------------
        [0-9]                    any character of: '0' to '9'
----------------------------------------------------------------------
      )                        end of look-ahead
----------------------------------------------------------------------
      (?=                      look ahead to see if there is:
----------------------------------------------------------------------
        .*?                      any character except \n (0 or more
                                 times (matching the least amount
                                 possible))
----------------------------------------------------------------------
        [-                       any character of: '-', '!', '@',
        !@#$%^&*()_[\]           '#', '$', '%', '^', '&', '*', '(',
        {},.<>+=]                ')', '_', '[', '\]', '{', '}', ',',
                                 '.', '<', '>', '+', '='
----------------------------------------------------------------------
      )                        end of look-ahead
----------------------------------------------------------------------
     |                        OR
----------------------------------------------------------------------
      (?=                      look ahead to see if there is:
----------------------------------------------------------------------
        .*?                      any character except \n (0 or more
                                 times (matching the least amount
                                 possible))
----------------------------------------------------------------------
        [a-z]                    any character of: 'a' to 'z'
----------------------------------------------------------------------
      )                        end of look-ahead
----------------------------------------------------------------------
      (?:                      group, but do not capture:
----------------------------------------------------------------------
        (?=                      look ahead to see if there is:
----------------------------------------------------------------------
          .*?                      any character except \n (0 or more
                                   times (matching the least amount
                                   possible))
----------------------------------------------------------------------
          [0-9]                    any character of: '0' to '9'
----------------------------------------------------------------------
        )                        end of look-ahead
----------------------------------------------------------------------
       |                        OR
----------------------------------------------------------------------
        (?=                      look ahead to see if there is:
----------------------------------------------------------------------
          .*?                      any character except \n (0 or more
                                   times (matching the least amount
                                   possible))
----------------------------------------------------------------------
          [-                       any character of: '-', '!', '@',
          !@#$%^&*()_[             '#', '$', '%', '^', '&', '*', '(',
          \]{},.<>+=]              ')', '_', '[', '\]', '{', '}',
                                   ',', '.', '<', '>', '+', '='
----------------------------------------------------------------------
        )                        end of look-ahead
----------------------------------------------------------------------
      )                        end of grouping
----------------------------------------------------------------------
    )                        end of grouping
----------------------------------------------------------------------
   |                        OR
----------------------------------------------------------------------
    (?=                      look ahead to see if there is:
----------------------------------------------------------------------
      .*?                      any character except \n (0 or more
                               times (matching the least amount
                               possible))
----------------------------------------------------------------------
      [a-z]                    any character of: 'a' to 'z'
----------------------------------------------------------------------
    )                        end of look-ahead
----------------------------------------------------------------------
    (?=                      look ahead to see if there is:
----------------------------------------------------------------------
      .*?                      any character except \n (0 or more
                               times (matching the least amount
                               possible))
----------------------------------------------------------------------
      [0-9]                    any character of: '0' to '9'
----------------------------------------------------------------------
    )                        end of look-ahead
----------------------------------------------------------------------
    (?=                      look ahead to see if there is:
----------------------------------------------------------------------
      .*?                      any character except \n (0 or more
                               times (matching the least amount
                               possible))
----------------------------------------------------------------------
      [-                       any character of: '-', '!', '@', '#',
      !@#$%^&*()_[\]{}         '$', '%', '^', '&', '*', '(', ')',
      ,.<>+=]                  '_', '[', '\]', '{', '}', ',', '.',
                               '<', '>', '+', '='
----------------------------------------------------------------------
    )                        end of look-ahead
----------------------------------------------------------------------
  )                        end of grouping
----------------------------------------------------------------------
  [A-Za-z0-                any character of: 'A' to 'Z', 'a' to 'z',
  9!@#$%^&*()_[\]{},.<     '0' to '9', '!', '@', '#', '$', '%', '^',
  >+=-]{7,50}              '&', '*', '(', ')', '_', '[', '\]', '{',
                           '}', ',', '.', '<', '>', '+', '=', '-'
                           (between 7 and 50 times (matching the most
                           amount possible))
----------------------------------------------------------------------
  $                        before an optional \n, and the end of a
                           "line"
----------------------------------------------------------------------

score 1 · Answer 2 · edited May 23 '17 at 12:32

In order to add multiple conditions in one regex we use pipe or brackets /(regex1)|(regex2)|(regex2)/ or (regex1)(regex2)

Each one of the regex conditions is quite basic, and there are a lot of examples for each of the conditions you asked.

you can look here:

Regex for Password Must be contain at least 8 characters, least 1 number and both lower and uppercase letters and special characters

Regex for Password Validation

2 Answers2

Description

Example

Explanation