-2

Hi i have a requirement to check on passwords . the password should not contain no more than 2 repetitive character.

my password must contain atleast upper case, lower case, number and special characters #?!@$%^&*-

so if i have a password like for example

Password123$ it is valid Passsword123$ it is invalid Passssword123$ it is invalid PPaassword123$$ valid PPaassword123$$$ it is invalid

please help me thank you

prasanth
  • 323
  • 1
  • 2
  • 13
  • You may want to take a look at [these guidelines](https://www.pluralsight.com/blog/security-professional/modern-password-guidelines) if you are implementing a password checking algorithm... – Garrett Motzner Feb 21 '19 at 00:09

3 Answers3

0

I'm not sure how to do the restricted character and the repeated character validation with the same pattern, but these two patterns will fill each need. To use them, compare your password string against the patterns, and if a match is found, the password fails.

Characters that are not letters, numbers or in the symbol group "#?!@$%^&*-"

[^\w#?!@$%^&*-]

Letters repeated 3 or more times

(.)\1{2,}
Abion47
  • 22,211
  • 4
  • 65
  • 88
0

To check for at least one of each type of character:

^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[#?!@$%^&*-])([a-zA-Z0-9#?!@$%^&*-]+)$

To check that no character repeats more than twice:

(?!(.)\1{2,})

So putting them together should give you:

^(?!(.)\1{2,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[#?!@$%^&*-])([a-zA-Z0-9#?!@$%^&*-]+)$
ItsPete
  • 2,363
  • 3
  • 27
  • 35
  • this doesn't allow any characters except `[a-zA-Z0-9#?!@$%^&*-]` - question doesn't preclude `(`, `_`, `:`, etc – jhnc Feb 20 '19 at 23:40
  • also the negative lookahead may need to be `(?!.*(.)\1\1)` – jhnc Feb 20 '19 at 23:46
  • That's an assumption though. The OP gave a specific list of special characters, not an example of special characters, seemingly precluding others. Granted, mine is an assumption too, but yours would fit more if they had said "special characters, eg. #?!@$%^&*-" – ItsPete Feb 20 '19 at 23:46
  • You're probably right on the negative lookahead, my regex is a bit rusty. – ItsPete Feb 20 '19 at 23:46
  • run it through regex101 and your expression doesn't match correctly. re assumptions, could be "anything not forbidden is allowed" or "anything not allowed is forbidden". only OP can decide – jhnc Feb 20 '19 at 23:50
0

https://regex101.com/r/CtBM4B/2/

^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[#?!@$%^&*-])((.)(?!\2\2))+$
  • ^...$ - must match entire string
  • (?=.*X) - must contain X
    • (?=.*[A-Z]) - A..Z
    • (?=.*[a-z]) - a..z
    • (?=.*[0-9]) - 0..9
    • (?=.*[#?!@$%^&*-]) - #?!@$%^&*-
  • (Y)+ - one or more repetitions of Y (capture group 1: \1)
    • (.) - anything (capture group 2: \2)
    • (.)(?!\2\2) - anything not followed by itself twice

Or slightly more efficiently, by pulling final condition out:

https://regex101.com/r/CtBM4B/3/

^(?!.*(.)\1\1)(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[#?!@$%^&*-]).*$
  • (?!.*(.)\1\1) - must not contains three repetitions of any character
jhnc
  • 11,310
  • 1
  • 9
  • 26