I have the following criteria for creating a regular expression for a password that conforms to the following rules:
The password must then contain characters from at least 3 of the following 4 rules:
I can make the expression match ALL of those rules with the following expression:
/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\W]).{8,}$/
But I am struggling with how to do this in such a way that it only needs to solve any 3 of the 4 rules.
Can anyone help me out with this?
Basically (0+1)* matches any sequence of ones and zeroes. So, in your example (0+1)*1(0+1)* should match any sequence that has 1. It would not match 000, but it would match 010, 1, 111 etc. (0+1) means 0 OR 1.
To match a character that has a special meaning in regex, you need to prefix it with a backslash ( \ ) as an escape sequence. E.g., \. matches "."; regex \+ matches "+"; and regex \( matches "(". You also need to use regex \\ to match "\" (backslash).
Example: The regex "aa\n" tries to match two consecutive "a"s at the end of a line, including the newline character itself. Example: "a\+" matches "a+" and not a series of one or more "a"s. ^ the caret is the anchor for the start of the string, or the negation symbol.
Password must meet at least 3 out of the following 4 complexity rules: at least 1 uppercase character (A-Z); at least 1 lowercase character (a-z); at least 1 digit (0-9); at least 1 special character — do not forget to treat space as a special character too. At least 10 characters; at most 128 characters.
One of the fundamental points of computer security is the password. It may be useful to help administrators and group leaders by encouraging them to use complex passwords. The steps below will help you create a more secure process with regular expressions (or regex).
Regular expressions are programmatic strings used to check whether an input string meets specific criteria. In Specops Password Policy, the string we are checking is a requested new password or passphrase, and the policy filter will allow the new password/passphrase only if it matches the regular expression.
Regular expressions are as complicated as they are powerful. Password strength requirements are a hot topic as of late due to a slew of compromised sites and services exposing millions of user accounts to hackers. To no one’s surprise, the most used passwords are embarrassingly weak. “password” anyone?
Don't use one regex to check it then.
    if (password.length < 8)
        alert("bad password");
    var hasUpperCase = /[A-Z]/.test(password);
    var hasLowerCase = /[a-z]/.test(password);
    var hasNumbers = /\d/.test(password);
    var hasNonalphas = /\W/.test(password);
    if (hasUpperCase + hasLowerCase + hasNumbers + hasNonalphas < 3)
        alert("bad password");
If you must use a single regex:
^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\d\W])|(?=.*\W)(?=.*\d))|(?=.*\W)(?=.*[A-Z])(?=.*\d)).{8,}$
This regex is not optimized for efficiency. It is constructed by A·B·C + A·B·D + A·C·D + B·C·D
with some factorization. Breakdown:
    ^
    (?:
      (?=.*[a-z])         # 1. there is a lower-case letter ahead,
      (?:                 #    and
        (?=.*[A-Z])       # 1.a.i) there is also an upper-case letter, and
        (?=.*[\d\W])      # 1.a.ii) a number (\d) or symbol (\W),
      |                   #    or
        (?=.*\W)          # 1.b.i) there is a symbol, and
        (?=.*\d)          # 1.b.ii) a number ahead
      )
    |                     # OR
      (?=.*\W)            # 2.a) there is a symbol, and
      (?=.*[A-Z])         # 2.b) an upper-case letter, and
      (?=.*\d)            # 2.c) a number ahead.
    )
    .{8,}                 # the password must be at least 8 characters long.
    $
You could write a really sophisticated regex to do that. Instead, I’d suggest writing four distinct regexes, one for each rule, and testing them one by one, counting how many of them matched. If three out of four did, accept the password.
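The counting approach from the answers above, as an added example that is not part of the original posts: it applies the 3-of-4 rule with the 10 to 128 character bounds quoted on this page and compares the result with the single regex on constructed passwords. The names checkPassword, CLASSES, SAMPLES and compare are assumptions of this example, and the special class is [^A-Za-z0-9] rather than \W so that an underscore counts as special.

```javascript
// Added example: one test per character class, then count the matches.
// Function, constant and option names are assumptions made for this example.
const CLASSES = {
  upper: /[A-Z]/,
  lower: /[a-z]/,
  digit: /[0-9]/,
  // Anything that is not an ASCII letter or digit. Unlike \W this also
  // counts "_" as special; space counts too. Non-ASCII letters land here as well.
  special: /[^A-Za-z0-9]/,
};

function checkPassword(password, { minLength = 10, maxLength = 128, minClasses = 3 } = {}) {
  const length = Array.from(password).length; // code points, not UTF-16 units
  const matched = Object.keys(CLASSES).filter((name) => CLASSES[name].test(password));
  const reasons = [];
  if (length < minLength) reasons.push(`shorter than ${minLength} characters`);
  if (length > maxLength) reasons.push(`longer than ${maxLength} characters`);
  if (matched.length < minClasses) {
    reasons.push(`only ${matched.length} of 4 character classes (${matched.join(", ") || "none"})`);
  }
  return { ok: reasons.length === 0, matched, reasons };
}

// The single-regex form from the answer above, copied verbatim for comparison.
const SINGLE_REGEX =
  /^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\d\W])|(?=.*\W)(?=.*\d))|(?=.*\W)(?=.*[A-Z])(?=.*\d)).{8,}$/;

// Constructed sample passwords (not taken from the page).
const SAMPLES = ["Summer2024abc", "summer_2024_x", "correct horse 42", "alllowercase", "Sh0rt!"];

// Run both checks with the same 8-character minimum so only the class logic differs.
function compare(samples = SAMPLES) {
  return samples.map((pw) => ({
    password: pw,
    counted: checkPassword(pw, { minLength: 8 }).ok,
    singleRegex: SINGLE_REGEX.test(pw),
  }));
}

console.table(compare());
```

The two checks disagree only on "summer_2024_x": the underscore is a word character, so \W in the single regex does not see it as a symbol.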