| Title |
Test
Find
Validate very strong password
|
| Expression |
^(?=^.{8,}$)(?=.*\d)(?=.*\W+)(?=.*[a-z])(?=.*[A-Z])(?i-msnx:(?!.*pass|.*password|.*word|.*god|.*\s))(?!^.*\n).*$ |
| Description |
This regular expression can be used to validate a strong password. It will evaluate to true if the following critera are met:
Must be 8 characters in length total.
Must contain at least 1 digit.
Must contain at least 1 lower case letter.
Must contain at least 1 upper case letter.
Must contain at least 1 non-character (such as !,#,%,@, etc).
Must not contain the words "password" or "pass" or "word" or "god"
Must not contain a whitespace.
Note: This version is not compatible with JavaScript |
| Matches |
one2!fouR, @Eight21, one22Four%, 2thRee@four, 7diPity*, 12345aB( |
| Non-Matches |
one2three!, four2345, #viced@#$, short1@ |
| Author |
Rating:
Charles Forsyth
|
| Source |
|
| Your Rating |
|
Title: Nice job; a few ideas for you
Name: Speednet
Date: 7/25/2008 5:14:15 PM
Comment:
Good job overall. Here are some comments:
1. If you're checking for "pass", there is no need to also check for "password" (take out "|.*password").
2. Correct your description to say "Must be 8 characters in length..." (not 15).
3. Remove the first look-ahead for the length. (Remove the "(?=^.{8,}$)".) You can do it in a single check at the end (see #5).
4, Remove the plus sign after \W. (Just need to match one.)
5. Rather than just checking for "\n", I'd recommend a simpler way that protects against ALL undesireable characters, not just a newline. Remove the ending of "(?!^.*\n).*$", and replace it with "[\x20-\x7e]{8,}$". It ensures that all characters are between ASCII codes 32 and 126, as well as doing the length check for at least 8 characters. If you don't want to allow spaces, make it \x21-\x7e.
So the entire thing should be:
^(?=.*\d)(?=.*\W)(?=.*[a-z])(?=.*[A-Z])(?i-msnx:(?!.*pass|.*word|.*god))[\x20-\x7e]{8,}$
