sticky
Password Strength Expression

    Question

  • It's been a while since I've had to use regular expressions.

    Can someone explain this to me in layman's terms?

    ^(?=.{8,30})(?=.*[^A-Za-z])(?=.*[A-Z])(?=.*[a-z]).*
    Tuesday, February 09, 2010 7:43 PM

Answers

  • These are all assertions...

    ^ = starting from the beginning of the string...
    (?=.{8,30}) = there is a string that is at least 8 characters long... (the upper bound of 30 cannot work this way)
    (?=.*[^A-Za-z]) = somewhere in the string, there is at least one non-alphabetic character...
    (?=.*[A-Z]) = somewhere in the string, there is at least one uppercase character...
    (?=.*[a-z]) = somewhere in the string, there is at least one lowercase character....

    .* match anyting, provided that all the above conditions are met.

    HTH
    --mc
    • Marked as answer by LarryEis Tuesday, February 09, 2010 8:16 PM
    Tuesday, February 09, 2010 8:14 PM

All replies

  • These are all assertions...

    ^ = starting from the beginning of the string...
    (?=.{8,30}) = there is a string that is at least 8 characters long... (the upper bound of 30 cannot work this way)
    (?=.*[^A-Za-z]) = somewhere in the string, there is at least one non-alphabetic character...
    (?=.*[A-Z]) = somewhere in the string, there is at least one uppercase character...
    (?=.*[a-z]) = somewhere in the string, there is at least one lowercase character....

    .* match anyting, provided that all the above conditions are met.

    HTH
    --mc
    • Marked as answer by LarryEis Tuesday, February 09, 2010 8:16 PM
    Tuesday, February 09, 2010 8:14 PM
  • Thanks.
    Tuesday, February 09, 2010 8:17 PM

  • (?=.{8,30}) = there is a string that is at least 8 characters long... (the upper bound of 30 cannot work this way)

    Mario has a point...the above fails. To enforce the thirty character limit change the pattern to this:

    ^(?!.{31})(?=.{8})(?=.*[^A-Za-z])(?=.*[A-Z])(?=.*[a-z]).*$


    (?!.{31})  - Match invalidator, if it finds 31 characters it invalidates the match. Nothing returned
    $ - END of line

     

    To add to Mario's, correct, statement

    .* Match anything, zero or more times.

     

     


    William Wegerson (www.OmegaCoder.Com )
    • Proposed as answer by _Jazz Tuesday, February 22, 2011 7:08 PM
    Tuesday, February 09, 2010 9:26 PM
  • This pattern surely limits 30 chars and also accepts one or more numeral, small case and upper case alphabets.
    Regards, Rule the Codes and Code New Rules
    Tuesday, February 22, 2011 7:10 PM
  • great stub !!
    Vedigoundan Gurunathan
    Friday, March 04, 2011 4:29 AM
  • Very good !
    Wednesday, April 13, 2011 1:39 PM
  • Hi LarryEis,

    Use the below expression,

    ^(?!.{31})(?=.{8})(?=.*[^A-Za-z])(?=.*[A-Z])(?=.*[a-z]).*$


    ^  = starting from the beginning of the string
    (?=.{8,31}) = there is a string that is at least 8 characters long... (the upper bound of 31)
    (?=.*[^A-Za-z]) = somewhere in the string, there is at least one non-alphabetic character
    (?=.*[A-Z]) = somewhere in the string, there is at least one uppercase character
    (?=.*[a-z]) = somewhere in the string, there is at least one lowercase character

    Thanks

    Roozan Bharucha

    MCT, MCPD Windows Frmwk 4.0

    • Proposed as answer by Rex Honour Monday, April 25, 2011 9:34 AM
    Monday, April 25, 2011 7:52 AM
  • This regex can also be helpful:

    {8,15}$)(?=.*\d)((?=.*\W+)|(?=.*[A-Z]))(?![.\n]).*$

     

    This is according to the standards which asks for minimum 8 to maximum 15 characters

    One mandatory UpperCase Alphabet,

    One mandatory LowerCase Alphabet,

    One mandatory Number.

    Friday, April 29, 2011 10:13 AM
  • Yes , I agree with this ?= is the condition if the case is this then whats the result

    \ is the escape case

    [A-Z] any character between A -Z

    * any case i.e small or capital letters

    8-15 strength of the letter

    Monday, May 23, 2011 7:21 AM
  • Assert a string is 8 or more characters:
    (?=.{8,})

    Assert a string contains at least 1 lowercase letter (zero or more characters followed by a lowercase character):
    (?=.*[a-z])

    Assert a string contains at least 1 uppercase letter (zero or more characters followed by an uppercase character):
    (?=.*[A-Z])

    Assert a string contains at least 1 digit:
    (?=.*[\d])

    Assert a string contains at least 1 special character:
    (?=.*[\W])

    Assert a string contains at least 1 special character or a digit:
    (?=.*[\d\W])

    • Proposed as answer by Mustee01 Monday, July 04, 2011 8:08 PM
    • Unproposed as answer by Mustee01 Monday, July 04, 2011 8:09 PM
    Saturday, June 18, 2011 5:34 PM
  • Regular expressions are one of those things where you have to keep in practise as it could become quite complicated.. But if you don't use it for a while and suddenly jump into it again, it all comes back..
    Tuesday, February 07, 2012 9:00 AM
  • Please visit following link:

    http://www.zorched.net/2009/05/08/password-strength-validation-with-regular-expressions/

    Monday, February 13, 2012 5:36 AM
  • I need one for

    Minimum of 8 (eight) characters and at least 1 non-alphanumeric characters.

    Is it right?

    ^(?=.{8,})(?=.*[^A-Za-z])*

    Tuesday, February 14, 2012 5:10 PM
  • Refer Following urls

    http://www.zorched.net/2009/05/08/password-strength-validation-with-regular-expressions/

    http://www.techpint.com/programming/regular-expression-check-password-strength


    Gehan Fernando Snr. Engineer Technology. AKLO Information Technologies (Pvt) Ltd. #58, 42nd Lane, 5th Floor, Wellawatta, Colombo 06, Sri Lanka. Phone: +94 117 520000 | Mobile: +94 772 269625

    • Proposed as answer by ardmore Wednesday, May 23, 2012 12:46 PM
    Wednesday, May 23, 2012 10:00 AM