Regular Expression for Password Strength Validation

Question

I have written a regular expression which could potentially be used for password strength validation:

^(?:([A-Z])*([a-z])*(\d)*(\W)*){8,12}$

The expression consists of four groups:

1. Zero or more uppercase characters
2. Zero or more lowercase characters
3. Zero or more decimal digits
4. Zero or more non-word characters (!, £, $, %, etc.)

The way I want it to work is to determine how many of the groups have been matched in order to determine the strength of the password. so for example, if only 1 group is matched, it would be weak. If all four groups were matched, it would be strong.

I have tested the expression using Rubular (a Ruby regular expression editor).

Here I can see visually, how many groups are matched, but I want to do this in JavaScript. I wrote a script that returns the number of matched groups, but the results were not the same as I can see in Rubular.

How can I achieve this in JavaScript? and is my regular expression up to the task?

Answer 1

I think you'll have to check each group independently. Pseudo-code:

bool[] array = {};
array[0] = pwd.match(/[A-Z]/);
array[1] = pwd.match(/[a-z]/);
array[2] = pwd.match(/\d/);
array[3] = pwd.match(/[!_.-]/);

int sum = 0;
for (int i=0; i<array.length; i++) {
    sum += array[i] ? 1 : 0;
}

switch (sum) {
    case 0: print("weird..."); break;
    case 1: print("weak"); break;
    case 2: print("ok"); break;
    case 3: print("strong"); break;
    case 4: print("awesome"); break;
    default: print("weird..."); break;
}