I'm writing a regular expression to validate a password. The conditions are:
Password must contain at least two special characters
Password must be at least eight characters long
Password must be alpha numeric
I'm able to make sure that there are atleast 8 characters, atleast one alphabet, atleast one number and atleast one special character using the below Regular expression:
(?=.*[A-z])(?=.*[0-9])(?=.*?[!##$%\^&*\(\)\-_+=;:'""\/\[\]{},.<>|`]).{8,32}
Only condition i'm not able to get is there must be atleast two special characters (Above Reg exp is atleast one special characters). Does anyone have any idea on this?
Thanks in advance.
Only condition i'm not able to get is there must be atleast two special characters.
Make it twice by putting the pattern which was present inside the lookahead inside a group and then make it to repeat exactly two times.
^(?=.*[A-Za-z])(?=.*[0-9])(?=(?:.*?[!##$%\^&*\(\)\-_+=;:'""\/\[\]{},.<>|`]){2}).{8,32}$
If you want to allow atleast 8 characters then you don't need to include 32 inside the range quantifier, just .{8,} would be enough.
Related
I'm trying to create a regex that will meet the following requirements for a password.
Must have at least 1 uppercase
Must have at least 1 lowercase
Must contain a number OR a symbol - FAILS
Must be between 8 to 16 characters long
^(?=.*\d|[!##\$%\^&])(?=.*[a-z])(?=.*[A-Z]).{8,16}$
I've got it working, well almost, except the OR part.
It verifies for instance Tester01 and Tester0% but it wont verify Tester%$ or anything with two symbols, just in case the user doesn't put in a number. I've also tried putting brackets around the \d thinking I had to separate the digits from the symbols but that didn't work.
Your alternation condition isn't correct. Instead you can just slide the \d within the special characters bracket and change your regex to this,
^(?=.*[\d!##\$%\^&])(?=.*[a-z])(?=.*[A-Z]).{8,16}$
Now your this look ahead (?=.*[\d!##\$%\^&]) behaves exactly as you wanted. It will ensure that either one character is any digit or the other special characters mentioned in your character class.
Demo
The reason why your look ahead (?=.*\d|[!##\$%\^&]) fails is because your first alternation condition is .*\d and second is merely [!##\$%\^&] where as if correctly written it should have been either this,
(?=.*\d|.*[!##\$%\^&])
OR
(?=.*(\d|[!##\$%\^&]))
And you really don't need alternation at all if you write it like the way I have written above, where you can just put \d within the character set itself, like this,
(?=.*([\d!##\$%\^&]))
Use the principle of contrast with multiple lookaheads.
^
(?=[^A-Z]*[A-Z])
(?=[^a-z]*[a-z])
(?=[^\d!##\$%\^&]*[^\d!##\$%\^&])
.{8,16}
$
But please read this post as well (why password validations are bad?) and see a demo on regex101.com.
I need to create a regular expression to validate a strong password in my MVC Model. Here are the rules that I need to apply:
Min 7 characters
Max 15 characters
At least 3 out of 4 different types of characters.
Numbers
Lowercase
Uppercase
Special (viz. !##$%&/=?_.)
Here's what I have tried so far:
[DataType(DataType.Password)]
[RegularExpression("([a-z]|[A-Z]|[0-9]|[\\W]){4}[a-zA-Z0-9\\W]{3,11}", ErrorMessage = "Invalid password format")]
public string Password { get; set; }
Creating a regex that will find any number of different kinds of character classes in any order is a little challenging because as soon as you match a character, it's already captured and you can't back it up. However, the .NET regex engine supports lookahead expressions. Therefore, you can check to make sure that a string contains something without actually capturing any of the string. For instance, let's say that you want to find any 10 character long string that contains at least one instance of the letter "J". You could do that easily with a lookahead expression, like this:
(?=.*J).{10}
The (?=) construct declares a lookahead pattern. The pattern it looks for is .*J, which means that, starting at the current position, there can be any number of any character followed by a letter "J". If anything comes after the J, that's fine, it will still match. However, since it's a lookahead, none of those characters were actually captured, so then the .{10} capturing part of the pattern picks up from the original position and matches from there. Since the lookaheads don't move the position at all, you can put multiple of them in a row without consequence, so you can do something like this:
^(?=.*[A-Z])(?=.*\d)(?=.*[a-z])(?=.*\W).{7,15}$
As far as applying only three of the four character class rules, the only way I can think of to do that would be to list all of the combinations (e.g. for two of the three rules A, B, and C, you could match AB|AC|BC) . So for instance, if you were only concerned with two of the three (uppercase, lowercase, and digits, for instance), you could structure your lookaheads like this:
(?:(?=.*[A-Z])(?=.*\d)|(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[a-z]))
Making it support there out of four would just be a matter of making the list of options even longer...
A development of Steven's answer would be to test for all possible combinations of the types:
^((?=.*[A-Z])(?=.*\d)(?=.*[a-z])|(?=.*[A-Z])(?=.*\d)(?=.*[!##$%&\/=?_.-])|(?=.*[A-Z])(?=.*[a-z])(?=.*[!##$%&\/=?_.-])|(?=.*\d)(?=.*[a-z])(?=.*[!##$%&\/=?_.-])).{7,15}$
Also using the given special characters.
In a more readable form
^((?=.*[A-Z])(?=.*\d)(?=.*[a-z])|
(?=.*[A-Z])(?=.*\d)(?=.*[!##$%&\/=?_.-])|
(?=.*[A-Z])(?=.*[a-z])(?=.*[!##$%&\/=?_.-])|
(?=.*\d)(?=.*[a-z])(?=.*[!##$%&\/=?_.-])).{7,15}$
Test for either of the possible four combinations of types and make sure there are 7-14 of them.
Regards
Working on password-field.
The regex expression for a field container letters (lowercase, uppercase), digits and some special characters will look like this:
^([a-z,A-Z,0-9,#,$,%,&,_,]{8,20})*$
Tell me please, how this should be modified if I want every pass phrase to have at least one lowercase, one uppercase and one digit?
For example, for 3-characters long pass it is:
'aB3' - pass
'ab3' - fail
You need to use lookaheads and also you need to remove all the commas present inside the character class.
^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?\d)[a-zA-Z0-9#$%&_]{8,20}$
Note that the password must be atleast 8 and atmost 20 chars long.
DEMO
THIS ANSWER HAS BEEN ARCHIVED BECAUSE IT SUCKS.
Use the + token, which tells the engine to attempt to find one or more of the preceding token. e.g:
^(?=[a-z]+)(?=[A-Z])+(?=[0-9])+(?=[#$%&_\,\.]*)$
Then, use a length check elsewhere in the code to verify length.
I have the following regular expression:
^.*(?=^.{8,}$)(?=.*\d)(?=.*[!##$%^&*-])(?=.*[A-Z])(?=.*[a-z]).*$
I am using it to validate for
At least one letter
least one capital letter
least one number
least one special characters
least 8 characters
But along with this I need to restrict the underscore (_).
If I enter password Pa$sw0rd, this is validating correctly, which is true.
If I enter Pa$_sw0rd this is also validating correctly, which is wrong.
The thing is the regex is passing when all the rules are satisfied. I want a rule to restrict underscore along with above.
Any help will be very appreciable.
I think you can use a negated character class [^_]* to add this restriction (also, remove the initial .*, it is redundant, and the first look-ahead is already at the beginning of the pattern, no need to duplicate ^, and it is totally redundant since the total length limit can be checked at the end):
^(?=.*\d)(?=.*[!##$%^&*-])(?=.*[A-Z])(?=.*[a-z])[^_]{8,}$
See demo
^(?=.*?\d)(?=.*?[!##$%^&*-])(?=.*?[A-Z])(?=.*?[a-z])(?!.*_).{8,}$
You can try this..* at start is of no use.See demo.
https://regex101.com/r/pG1kU1/34
I've looked on here for some ideas but I still seem to be struggling with coming up with a regular expression to meet my requirements.
I need a regular expression to check a password format, the criteria are:
At least 1 uppercase letter
At least 1 number
Only alphanumeric characters (no special characters)
At least 8 characters long
The regular expression I'm using is:
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$
However this is also allowing characters like !$&.
Is there a modification I need to make to this to get it to stop these special characters being accepted?
Change the last part .{8,} to [a-zA-Z\d]{8,}
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$