0

I'm trying to come up with a regex that validates passwords. The restrictions are as follows:

  1. Must be at least two of the following:

    • one lowercase [a-z],
    • one uppercase [A-Z],
    • one digit [\d],
    • one special character [!@#\$%\^\&*)(+=._-].

  2. must not begin or end with white-space but can contain white-spaces inside,

  3. must be between 7 and 20 characters long.

So far, this is the last version of what I've come up with:

^(?=.{7,20}$)(?:(?=.*[\d!@#\$%\^\&*\)\(+=._-])(?=.*[a-z])\S*|(?=.*[A-Z])(?=.*[\d!@#\$%\^\&*\)\(+=._-])\S*|(?=.*[A-Z])(?=.*[a-z])\S*|(?=.*[\d)\(+=._-])(?=.*[!@#\$%\^\&*\)\(+=._-])\S*)$

This works for all of the above except letting white-spaces inside. I've gone through multiple regex and this is the best one so far (but also the ugliest).

Edit: Thank you for the fast replies. Why these requirements are in place is beside the point. I know passwords would be more secure if all of the above were required. But as not all customers use password managers... Now, why is this not a duplicate question? Because no other thread requires any two of the above. They simply start with requiring specific two, than adding another one and so on. This needs to be any two conditions.

say-toshi
  • 21
  • 3
  • 3
    Why limit the length of a password? I never understood why anyone would do this – Manuel Mannhardt Aug 27 '19 at 06:17
  • If you required all four groups, the password would be stronger and also the regex would be much easier to write. – Tim Biegeleisen Aug 27 '19 at 06:17
  • @ManuelMannhardt me, too. It's especially jarring in this day and age when everybody should know to hash and salt passwords. But it's even more vexing when big websites still limit you on password length or even in what characters you can enter. Not allowing a space is bizarre - I tend to use pass phrases and *not* having spaces makes coming up with one harder. – VLAZ Aug 27 '19 at 06:20
  • 1
    Instead of writing one long regex, I recommend writing short, easy to understand regexes for each of these requirements, and then compose them using functions. That way, you can freely add/remove/update requirements, and the person coming after you to work on this will not kill himself with fire. Another really good advantage is that you can show errors about exactly the condition that failed. – Akash Aug 27 '19 at 06:28
  • I can not see how your requirement not to start with a whitespace is [fulfilled](https://regexper.com/#%5E%28%3F%3D.%7B7%2C20%7D%24%29%28%3F%3A%28%3F%3D.*%5B%5Cd!%40%23%5C%24%25%5C%5E%5C%26*%5C%29%5C%28%2B%3D._-%5D%29%28%3F%3D.*%5Ba-z%5D%29%5CS*%7C%28%3F%3D.*%5BA-Z%5D%29%28%3F%3D.*%5B%5Cd!%40%23%5C%24%25%5C%5E%5C%26*%5C%29%5C%28%2B%3D._-%5D%29%5CS*%7C%28%3F%3D.*%5BA-Z%5D%29%28%3F%3D.*%5Ba-z%5D%29%5CS*%7C%28%3F%3D.*%5B%5Cd%29%5C%28%2B%3D._-%5D%29%28%3F%3D.*%5B!%40%23%5C%24%25%5C%5E%5C%26*%5C%29%5C%28%2B%3D._-%5D%29%5CS*%29%24) – ceving Aug 27 '19 at 06:30
  • @AkashAgrawal great idea! – say-toshi Aug 27 '19 at 07:05
  • @ceving it's fulfilled, look here https://regex101.com/r/C9kJ4j/2 – say-toshi Aug 27 '19 at 07:27

1 Answers1

0

Hey you can use below regex to fulfill your requirement

^(?=.\d)(?=.[A-Z])(?=.[a-z])(?=.[^\w\d\s:])([^\s]){7,20}$

Kinjal Gor
  • 401
  • 2
  • 5
  • 15