I have a list of passwords that I need to examine and determine if they meet the default 3 of 4 rule for AD.
Rule is contain 3 of the 4 following requirements: lower case character (a-z) upper case character (A-Z) numeric (0-9) special character ( !@#$%^&()+= )
I am still learning Regex. I know how to select only those that meet any one character case, but I am not sure how to do 3 of 4.
You will have to build up the regular expression like this:
rule = [ "[a-z]", "[A-Z]", "[0-9]", "[!@#$%\^\&\(\)\+=]" ]
regex = ""
first = true
for a in 0..3:
for b in 0..3:
if a == b: continue
for c in 0..3:
if a == c or b == c: continue
if not first:
regex += "|"
regex += "(" + rule[a] + ".*" + rule[b] + ".*" + rule[c] + ")"
first = false
I'm not sure if I escaped the special characters correctly. It's kind of dependant on the language/toolkit you're using.
Does it have to be all one big regex? You could do 4 regexes, each checking one thing and then make sure 3 of the 4 are matches. That would be easier, less error prone and more maintainable.
If you really want one big regex it would be something like this:
(?=^.{8,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*
Note that it also enforces password length to be between 8 and 255 characters. You can change the "{8,255}" portion in the first section to adjust the length requirements. It is also worth noting that this is working for me in a standard ASP.NET RegularExpressionValidator control.
Matches: "Passw0rd" "passW@rd" "1B2a345@#$%"
Non-Matches: "123123123" "Password" "asdf&"
Source (Matthew Hazzard via RegExLib.com)