-1

Been trying all morning to figure out a regex pattern for an AD password restriction we're trying to enforce. Any ideas?

  • MUST have at least one lower case character ( a-z )
  • MUST have at least one upper case character ( A-Z )
  • MUST have at least one numerical character ( 0-9 )

  • MUST have at least one of the following special characters, but must be able to permit all: ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . ? /

  • 8 to 14 characters long

Can be in ANY order

I've tried about 50 combinations and the special characters part eludes me.

The one's I've found on here or online don't include the bracket special characters and a few others unfortunately.

clearshot66
  • 2,292
  • 1
  • 8
  • 17
  • regex for this is long and evil... It is easier to break it up into multiple checks and then come back with 'Unacceptable password, MUST have at least one lower case character' or 'Unacceptable password,MUST have at least one numerical character ( 0-9 )' Also, try this and see if this works : **(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$** – Dimi Feb 24 '17 at 20:31
  • I'm VERY stuck on the special character part I can handle every other besides that – clearshot66 Feb 24 '17 at 20:34
  • @siam what do you mean? For what I need? They're generic passwords that can literally be whatever as long as they contain one of every of the above possibilities – clearshot66 Feb 24 '17 at 20:37
  • @chris85 that's how our team set it up I don't have control over what's in it only front end – clearshot66 Feb 24 '17 at 20:45
  • I think that decreases security. You can modify the `{8,}` on the dup and it would be able to accommodate that, I think. – chris85 Feb 24 '17 at 20:46
  • @chris85 I put it in those because it's used a lot in both and more eyes versus just putting it in one area, it relates to all. It's also not my call it's how active directory PW are set up here. – clearshot66 Feb 24 '17 at 20:53
  • No..it leaves off certain characters I need like : ; <> {} – clearshot66 Feb 24 '17 at 21:06
  • You updated the character class to include your allowed characters? Use the `@`. – chris85 Feb 24 '17 at 21:26
  • Yes it's still failing on all the regex testers with my test cases – clearshot66 Feb 24 '17 at 21:26
  • Provide an example that should work and doesnt. Use the `@` for tagging here. – chris85 Feb 24 '17 at 21:35

1 Answers1

1

Multiple seperate lookaheads from the start of string should work (demo)

^(?=.*?[a-z])(?=.*?[A-Z])(?=.*?[0-9])(?=.*?[#!@$%^&*()\-_+={}[\]|\\:;"'<>,.?\/]).{8,14}$

^                                              # anchors to start of string
(?=.*?[a-z])                                   # lookahead for lowercase
(?=.*?[A-Z])                                   # lookahead for uppercase
(?=.*?[0-9])                                   # lookahead for numbers
(?=.*?[#!@$%^&*()\-_+={}[\\]|\:;"'<>,.?\/])    # lookahead for special characters
.{8,14}                                        # the actual capture, also sets boundaries for 8-14
$                                              # anchors to end of string

Updated to include !, and @. Missed them in first test.

Updated to escape hyphen.

Regular Jo
  • 5,190
  • 3
  • 25
  • 47