Regular expression for password complexity

Question

I am trying to implement the enforcement of password complexity through regular expressions on both client (JavaScript) and server side (ASP.NET C#).

The rules are the following:

• Must be 8-40 characters
• Must contain at least one digit
• Must contain at least one lowercase letter
• Must contain at least one uppercase letter
• Must contain at least one special character

Can you please help construct the regular expression needed to validate the above?

Answer 1

try this regex here:

((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{8,40})

(           # Start of group
  (?=.*\d)      #   must contains one digit from 0-9
  (?=.*[a-z])       #   must contains one lowercase characters
  (?=.*[A-Z])       #   must contains one uppercase characters
  (?=.*[@#$%])      #   must contains one special symbols in the list "@#$%"
              .     #     match anything with previous condition checking
                {8,40}  #        length at least 8 characters and maximum of 40 
)