ansaurus

Question

A sensible PasswordStrengthRegularExpression

Answer 1

+5 A:

Here is a regex that allows all characters and requires at least one number and requiring at least 6 characters.

^.*(?=.{6,})(?=.*\d).*$

If you want more or less characters defined simply change (?=.{6,}) to reflect the number of characters you want as a minimum.

Andrew Hare 2009-01-15 17:29:13

Why "^.*(?=.{6,})"? Wouldn't "^(?=.{6,})" be enough to enforce the length requirement?

Tomalak 2009-01-15 17:35:11

With "^(?=.{6,}$)(?=.*\d).*$", you are even able to define a maximum length.

Tomalak 2009-01-15 17:37:39

123456 passes the test

Diadistis 2009-01-15 17:41:34

I don't see any requirement that would make 123456 invalid.

Andrew Hare 2009-01-15 17:45:08

Answer 2

+2 A:

We just implemented the following expression to validate a pwd of 8 to 16 characters and contain three of the following 4 items: upper case letter, lower case letter, a symbol, a number

(?=^[^\s]{8,16}$)((?=.*?\d)(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[^\w\d\s])(?=.*?[a-z])|(?=.*?[^\w\d\s])(?=.*?[A-Z])(?=.*?[a-z])|(?=.*?\d)(?=.*?[A-Z])(?=.*?[^\w\d\s]))^.*

An explanation of individual components:

(?=^[^\s]{8,16}$) - contain between 8 and 16 non-whitespace characters
(?=.*?\d) - contains 1 numeric
(?=.*?[A-Z]) - contains 1 uppercase character
(?=.*?[a-z]) - contains 1 lowercase character
(?=.*?[^\w\d\s]) - contains 1 symbol

notice after the length segment the double parens and later in the expression you'll see several |'s. This allows for the either/or comparison of the 4 possible combinations that are allowed.

After writing this I just noticed this question was asked over a year ago. Since I had come across this question in my search I hope someone else can also benefit from our solution.

Jeff 2010-05-18 19:24:36

Thanks. I know it was an old question, but this really helped me!

Bobby Ortiz 2010-09-21 20:15:38

ansaurus

tags:

views:

answers:

A sensible PasswordStrengthRegularExpression

Note

related questions