I have a validation control that has the following expression:
(?=(.*\\d.*){2,})(?=(.*\\w.*){2,})(?=(.*\\W.*){1,}).{8,}
That's a password with at least 2 digits, 2 alpha characters, 1 non-alphanumeric and 8 character minimum. Unfortunately this doesn't seem to be cross-browser compliant.
This validation works perfectly in Firefox, but it does not in Internet Explorer.
A combination of each of your answers results in:
var format = "^(?=.{" + minLength + ",})" +
(minAlpha > 0 ? "(?=(.*[A-Za-z].*){" + minAlpha + ",})" : "") +
(minNum > 0 ? "(?=(.*[0-9].*){" + minNum + ",})" : "") +
(minNonAlpha > 0 ? "(?=(.*\\W.*){" + minNonAlpha + ",})" : "") + ".*$";
EX: "^(?=.{x,})(?=(.*[A-Za-z].*){y,})(?=(.*[0-9].*){z,})(?=(.*\W.*){a,}).*$"
The important piece is having the (?.{x,}) for the length first.
To validate for strong passwords we will use RegularExpressionValidator with REGEX. For this example we will take three different scenarios: Validate strong password which must have 8-10 characters long with at least one numeric character.
A password strength meter is an indicator, either in graphical or text form, of the strength of a password as entered by a user. A password strength meter shows how resistant a given password might be to password cracking attempts like brute force and dictionary attacks.
This validator is used to validate the value of an input control against the pattern defined by a regular expression. It allows us to check and validate predictable sequences of characters like: e-mail address, telephone number etc.
(?=(.*\W.*){0,})
is not 0 non-alphanumeric characters. It is at least 0 non-alphanumeric characters. If you wanted the password to not contain any non-alphanumeric characters you could do either (?!.*\W)
or (?=\w*$)
.
A simpler solution would be to skip the \W
look-ahead, and use \w{8,}
instead of .{8,}
.
Also, \w
includes \d
. If you wanted just the alpha you could do either [^\W\d]
or [A-Za-z]
.
/^(?=(?:.*?\d){2})(?=(?:.*?[A-Za-z]){2})\w{8,}$/
This would validate the password to contain at least two digits, two alphas, be at least 8 characters long, and contain only alpha-numeric characters (including underscore).
\w
= [A-Za-z0-9_]
\d
= [0-9]
\s
= [ \t\n\r\f\v]
Edit: To use this in all browsers you probably need to do something like this:
var re = new RegExp("^(?=(?:.*?\\d){2})(?=(?:.*?[A-Za-z]){2})\\w{8,}$");
if (re.test(password)) { /* ok */ }
Edit2: The recent update in the question almost invalidates my whole answer. ^^;;
You should still be able to use the JavaScript code in the end, if you replace the pattern with what you had originally.
Edit3: OK. Now I see what you mean.
/^(?=.*[a-z].*[a-z])(?=.*[0-9].*[0-9]).{3,}/.test("password123") // matches
/^(?=.*[a-z].*[a-z])(?=.*[0-9].*[0-9]).{4,}/.test("password123") // does not match
/^(?=.*[a-z].*[a-z]).{4,}/.test("password123") // matches
It seems (?= )
isn't really zero-width in Internet Explorer.
http://development.thatoneplace.net/2008/05/bug-discovered-in-internet-explorer-7.html
Edit4: More reading: http://blog.stevenlevithan.com/archives/regex-lookahead-bug
I think this can solve your problem:
/^(?=.{8,}$)(?=(?:.*?\d){2})(?=(?:.*?[A-Za-z]){2})(?=(?:.*?\W){1})/
new RegExp("^(?=.{8,}$)(?=(?:.*?\\d){2})(?=(?:.*?[A-Za-z]){2})(?=(?:.*?\\W){1})")
The (?=.{8,}$)
needs to come first.
This will get you 2 min digits, 2 min characters, and min 8 character length... I refuse to show you how to not allow users to have non-alphanumeric characters in their passwords, why do sites want to enforce less secure passwords?
^(?=.*\d{2})(?=.*[a-zA-Z]{2}).{8,}$
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With