Title: Only works for English culture
Name: Cecil
Date: 5/4/2012 3:42:58 AM
Comment:
This regex would not really work in most other cultures as they use more than the most basic Latin alphabet. There are things like diacritics (ä, ö, ü,), ligatures (æ), runes (Þ), ... And those letters are not part of other alphabets like the Greek, Cyrillic, Chinese, Arabic and all those others. They are an extension for the Latin alphabet and commonly used and most people are not even aware that they are not basic Latin. But you regex does not treat them as lower/upper case letters and it does not treat them as special characters either. They simply don't exist for this regex. They only count for length. So while this is a very good regex, it definitely is not 'THE' regex for complex passwords.
Title: Thanks!!
Name: JP
Date: 7/7/2011 8:22:23 PM
Comment:
Thanks Matthew for this useful pattern. Thanks also to Rustam adjusting it to handle whitespace (ie. I didn't want whitespace to be counted as a special character). :)
Title: $ and #
Name: Anil metla
Date: 7/7/2009 11:39:02 AM
Comment:
Instead of having all the special characters i want to include just $ and # all other conditions are same.
Title: $ and #
Name: Anil metla
Date: 7/7/2009 11:36:53 AM
Comment:
Instead of having all the special characters i want to include just $ and # all other conditions are same.
Title: $ and #
Name: Anil metla
Date: 7/7/2009 11:36:27 AM
Comment:
Instead of having all the special characters i want to include just $ and # all other conditions are same.
Title: $ and #
Name: Anil metla
Date: 7/7/2009 11:35:56 AM
Comment:
Instead of having all the special characters i want to include just $ and # all other conditions are same.
Title: $ and #
Name: Anil metla
Date: 7/7/2009 11:35:22 AM
Comment:
Instead of having all the special characters i want to include just $ and # all other conditions are same.
Title: Thanks
Name: Chris
Date: 4/4/2007 2:00:51 PM
Comment:
The pattern you posted works great. Is there any way that It cannot contain a character that is repeated more than 4 times in the password.
Title: Thanks
Name: Chris
Date: 4/4/2007 1:57:30 PM
Comment:
The pattern you posted works great. Is there any way that It cannot contain a character that is repeated more than 4 times in the password.
Title: Thanks
Name: Chris
Date: 4/4/2007 1:01:39 PM
Comment:
The pattern you posted works great. Is there any way that It cannot contain a character that is repeated more than 4 times in the password.
Title: Thanks
Name: Chris
Date: 4/4/2007 1:00:34 PM
Comment:
The pattern you posted works great. Is there any way that It cannot contain a character that is repeated more than 4 times in the password.
Title: Many thanks!!!
Name: Michael D'Angelo
Date: 7/28/2006 4:17:48 PM
Comment:
I managed to come up with something similar on my own to match Active Directory's complexity requirements, but it refused to work with IE!!!
Turns out is a bug with how look-ahead is implemented. This pattern nicely works around the bug by also having (?=^.{6,255}$) at the beginning. If only I came across this one sooner!
Title: Wrong match?
Name: Winston
Date: 4/5/2005 4:29:59 AM
Comment:
Very useful pattern.
Though, I noticed that the password
8lxNsGokYfyAeNdW
matches the pattern although it contains no special character.
Title: You Da Man!
Name: Zack Jones
Date: 12/17/2004 2:17:55 PM
Comment:
Matthew,
Thanks for the help and explanation. The RegEx you posted works GREAT!
Title: Crap.. I was a bit Long Winded! Here is the rest.
Name: Matthew Hazzard
Date: 12/17/2004 12:32:48 PM
Comment:
From the pattern above:
First Match the Length Criteria: (?=^.{6,255}$)
Then a number anywhere in the string: (?=.*\d)
Then a capital letter anywhere in the string: (?=.*[A-Z])Then a lowercase letter anywhere in the string: (?=.*[a-z])Then a special character anywhere in the string:
(?=.*[^A-Za-z0-9])
Then for JavaScript Regex compatability Match any character after the start of the string: ^.* ( this result is chained together with the logical result from our 0-width matches to produce the result.
All together this yeilds:
(?=^.{6,255}$)(?=.*\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[^A-Za-z0-9])^.*
Title: Here is what you need. Please see the description.
Name: Matthew Hazzard
Date: 12/17/2004 12:31:00 PM
Comment:
If you note the description, this pattern is designed to meet any 3 of the 4 criteria listed. Hence, all of the "Or Logic" complexity. I failed to mention this in the description but this pattern is intended to be a single line pattern as it emposes a Start and End constraint; however, it will work just fine as long as you are using the .NET Regex engine with multi-line selected.
The two test patterns you listed performed exactally as they should have. One represents only 2 of the 4 possible types and fails. The Second represents 3 of the 4 catagories and succeeds. (Please note that "abc12345" and "matt123" are essentially the same case which you reported different results for -- case insensitivity.)
The pattern requirements that you describe reduces the pattern to a series of zero width matches. All of that "Or Logic" can go away.
From the pattern above:
First Match the Length Criteria:
(?=^.{6,255}$)
Then a number anywhere in the string: (?=.*\d)
Then a capi
Title: Case Sensitivity
Name: Zack Jones
Date: 12/17/2004 12:05:48 PM
Comment:
Case Insensitive was not checked. The only options checked were Multiline and .Net Regex Engine. I performed 2 tests using "matt123" which had no matches and then "matt123!" which did match which I wouldn't expect because it does not contain a capital letter.
Title: Did you check Case Insensitivity
Name: Matthew Hazzard
Date: 12/17/2004 11:50:54 AM
Comment:
Case Insensitivity is selected by default on this site's testing utility (Props to Thomas Johansen for including it for providing such a handy testing Utility). Clearly this option can't be selected as your test case requires it.
Title: Or Logic?
Name: Zack Jones
Date: 12/17/2004 11:36:46 AM
Comment:
Greetings,
When I test this expression with "abc12345" it matches and I wouldn't expect it to. What I need is an expression that requires at least one capital letter, AND at least 1 lower case letter, AND at least one special character AND at least 1 number AND at is at least 8 characters long. Can you help me out with that?
Title: How to search text file
Name: John
Date: 12/8/2004 5:13:43 PM
Comment:
Um, Phil?
Try:
1) install Cygwin
2) use sed
Title: search text file
Name: Phil
Date: 12/8/2004 9:16:52 AM
Comment:
OK, I got the textfile search to work using Expresso. However, I'm getting some false matches because of CRLF which separate passwords in the list. Is there a way I can modify the search expression to ignore CRLF characters?
TIA,
Phil
Title: howto search a text file
Name: Phil
Date: 12/7/2004 9:13:36 PM
Comment:
I use this expression to validate passwords input by users to a web application and it works great. However, I would also like to search a text file to find passwords that match the criteria. I have been unsuccessful so far and was wondering if the expression needs to be modified to perform that type of operation or if there is a special tool that can accomplish the task. Findstr and EditPlus is what I've tried so far.
TIA
Title: Maybe I'm being picky
Name: Rustam Kasad
Date: 12/6/2004 6:02:14 PM
Comment:
Working with this regex was very instructive for me. Much Thanks to Matthew Hazzard.
<br>
<br>
However, I modified the expression slightly to help with my testing. I was using The Regulator to do my testing, and I had written a bunch of input that should succeed and some that should fail. For some reason, i was getting some unexpected successes. And I realized that using this regex to test against a file of passphrases/words, the newline/CR was being counted as a "special" character. To deal with this, I tightened up Mr. Savage's regex to be the following:
<br>
<br>
((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))
<br>
<br>
Basically, all i did was add \s to all the special-character expression groups. Now in addition to excluding alpha-num's in those groups, it's also excluding non-whitespace characters such as \t\r\n etc...
Again, thanks Matthew.
Title: Developer
Name: Jenny Wang
Date: 10/22/2004 12:48:39 PM
Comment:
very useful
Title: Your Welcome
Name: Matthew Hazzard
Date: 10/15/2004 7:35:28 PM
Comment:
I created this pattern to meet the Mircosoft Security Baseline Recommendations for Complex password criteria. That is the reason any combination of 3 out of 4 of the character groups are allowed. If that is not a requirement that certainly simplifies things significantly. Glad it worked out for you on some level.
Title: Thanks!!!
Name: Harold
Date: 10/15/2004 4:01:43 PM
Comment:
Awesome,
I modified yours a little and came up with a shorter version that seems to work.
(?=^.{10,15}$)(?=.*\d.*\d)(?=.*[A-Z].*[A-Z])(?=.*[a-z].*[a-z])(?=.*[^A-Za-z0-9].*[^A-Za-z0-9])^.*
This requires 2 charachters from all 4 groups.
Thanks again
Title: Extended to meet your request.
Name: Matthew Hazzard
Date: 10/15/2004 1:35:12 PM
Comment:
To modify the regex you need to enforce a minumum length of 10 simply change the first element to (?=^.{10,255}$) to match string start, between 10 and 255 chars, and string end.
To enforce at least 2 characters from each set you would simply check each character type 2x. For example,(?=.*[A-Z].*[A-Z])
Putting it all together yeilds ( a really long nasty string that is a good candidate for the submatch naming function):
(?=^.{10,255}$)((?=.*\d.*\d)(?=.*[A-Z].*[A-Z])(?=.*[a-z].*[a-z])|(?=.*\d.*\d)(?=.*[^A-Za-z0-9].*[^A-Za-z0-9])(?=.*[a-z].*[a-z])|(?=.*[^A-Za-z0-9].*[^A-Za-z0-9])(?=.*[A-Z].*[A-Z])(?=.*[a-z].*[a-z])|(?=.*\d.*\d)(?=.*[A-Z].*[A-Z])(?=.*[^A-Za-z0-9].*[^A-Za-z0-9]))^.*$
This matches PAssw012rd, 1#2$trythis ....
Fails AAcc56789, Password1234567 ...
Title: Can you extend this?
Name: Harold
Date: 10/15/2004 12:07:06 PM
Comment:
I really need this to require 2 or more characters from each catagory. I need a password to be at least 10 characters also. Thanks.
