Regex password checker

Question

I am creating some regex code so I can check passwords when a customer is trying to create a account. Currently I have two pieces of code that seem to work when tested on :- http://www.regexplanet.com/simple/index.html.

The first bit is:

^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$

This makes sure:

• Password is 8 digits long
• Contains at least one one lower case letter, one upper case letter, one digit and one special character

The second part is:

\S*(.)\1{3,}\S*

This makes sure:

Any 4 or more consecutive identical characters are matched.

The question is, how can I combine them both? I have tried to no avail but they seem to be working fine seperatly.

Thanks

Answer 1

You might want to considering allowing passwords greater then at least 12 characters. Do yourself a favor and your customer's a favor and allow a customer to use any size password greater then 12 characters. Anything less then 12 is extremely easy to brute foce.

As to your question I will let somebody else answer that.