0

I have a requirement for password rules. Following are the rules.

The password must follow the following guidelines:

  • Be at least eight characters long
  • Contain 3 of these 4 options: lower case letter, upper case letter, number, or special character

  • When user specifies a password that does not meet the above rules, return message stating:

    Password must be at least 8 characters long and contain 3 of the 4 following options:

    • Lower case letter (a-z)
    • Upper case letter (A-Z)
    • Number (0-9)
    • Special character (!@#$%^&')

Please help me to get a regex expression to handle above conditions.

i appreciate all your help. following is the solution for my requirement

if(password.matches("^(?=.*[0-9]).{1,}$")){ validCount++; } if(password.matches("^(?=.*[a-z]).{1,}$")){ validCount++; } if(password.matches("^(?=.*[A-Z]).{1,}$")){ validCount++; } if(password.matches("^(?=.*[@#$%^&+=]).{1,}$")){ validCount++; } return validCount >= 3 ? true : false;

Thanks, Ramki

Improve this question
4
  • 4
    I think it would make more sense to do this without regexes... Or with 4 separate regexes (check for 3 matches out of 4). Commented May 23, 2012 at 23:56
  • I would do this with 4 separate regexes and check that 3 of 4 match like jahroy said. 8 characters long is just check strPassword.Length >= 8 Commented May 24, 2012 at 0:25
  • 1
    There are dozens of hits in a search here for [regex] password. Since you've apparently tried nothing on your own, perhaps a review of those will get you started. :) Start with the Related list on the right side of this page. Commented May 24, 2012 at 0:37
  • Not a real question? Pattern matching is what regexes were made for. Commented May 24, 2012 at 18:48

2 Answers 2

Reset to default
11

This is, if you want an elegant regex, as close as you can get 

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&'])[^ ]{8,}$

The basic idea is to use a technique called "positive lookahead" :

(?=.*PutHereWhatYouWantToAllow)

Your extra requirement 3 out of 4 is not easy to solve with regexes cause you cannot make them count basically. You could write out the necessary permutations of the above regex (tell me if it doesn't make sense) but that would make a very long regex. What you could do is write out the permutations in code so that the regex stays maintainable since you are not repeating the patterns literally.

I'll have a shot if I you tell me your language (C#?) cause it's a good challenge.

Update 1

Here is the regex that will match at least 3 of your requirements (4 is also allowed), just for the challenge of it. Don't use this in production but loop in the language with individual regexes as mentioned in the comments.

^((?=.[a-z].[A-Z].[\d])|(?=.[a-z].[\d].[A-Z])|(?=.[A-Z].[a-z].[\d])|(?=.[A-Z].[\d].[a-z])|(?=.[\d].[a-z].[A-Z])|(?=.[\d].[A-Z].[a-z])|(?=.[a-z].[A-Z].[!@#$%^&'])|(?=.[a-z].[!@#$%^&'].[A-Z])|(?=.[A-Z].[a-z].[!@#$%^&'])|(?=.[A-Z].[!@#$%^&'].[a-z])|(?=.[!@#$%^&'].[a-z].[A-Z])|(?=.[!@#$%^&'].[A-Z].[a-z])|(?=.[a-z].[\d].[!@#$%^&'])|(?=.[a-z].[!@#$%^&'].[\d])|(?=.[\d].[a-z].[!@#$%^&'])|(?=.[\d].[!@#$%^&'].[a-z])|(?=.[!@#$%^&'].[a-z].[\d])|(?=.[!@#$%^&'].[\d].[a-z])|(?=.[A-Z].[\d].[!@#$%^&'])|(?=.[A-Z].[!@#$%^&'].[\d])|(?=.[\d].[A-Z].[!@#$%^&'])|(?=.[\d].[!@#$%^&'].[A-Z])|(?=.[!@#$%^&'].[A-Z].[\d])|(?=.[!@#$%^&'].[\d].[A-Z]))[^ ]{8,}$

Update 2

This is the approach to take in java

From the comments I read that you are testing like the following

  • lowercase "^[a-z]*$";
  • uppercase "^[A-Z]*$";
  • digits="^[0-9]*$";

I don't think you are on the right track here. The lowercase will only report success if all characters are lowercase, and not just one. Same remark for the rest.

These are the 4 individual regexes of which at least 3 should report a match

[a-z] [A-Z] \d [!@#$%^&']

Here is the test that the password should not contain a space

^[^ ]*$

The test for at least 8 characters

.{8,}

So I split the requirements and not combine them. This should make for more readable code especially if one starts with regexes.

Improve this answer
Sign up to request clarification or add additional context in comments.

19 Comments

It says that it has to have 3 of the 4 options.
thanks for quick reply. i forgot to mention, it should not accept white space chars.i need not to check for all 4 conditions. any 3 of them enough. i am not sure how to put conditions (AND OR) in regex.
@Ramki I updated the regex so it rejects passwords with a space. Regexes are not programming language so they don't support AND and OR although you can emulate most if not all conditions in it. But it cannot say 3 out of 4 as explained in my answers. Best to do the permutations in code.
@Ramki I'm not fluent in Java but you get the idea to do it yourself hopefully.
No problem. Testing all 4 requirements in a java loop and stopping as soon as 3 are matched seems much more maintanable than do it in one monster regex. But I can't help myself and will post that big regex later.
|
3

Here's how I would do it:

import java.util.regex.Matcher; import java.util.regex.Pattern; public class ValidatePassword { public static void main (String[] args) { String pw = "abaslkA3FLKJ"; // create an array with 4 regex patterns Pattern [] patternArray = { Pattern.compile("[a-z]"), Pattern.compile("[A-Z]"), Pattern.compile("[0-9]"), Pattern.compile("[&%$#]") }; int matchCount = 0; // iterate over the patterns looking for matches for (Pattern thisPattern : patternArray) { Matcher theMatcher = thisPattern.matcher(pw); if (theMatcher.find()) { matchCount ++; } } if (matchCount >= 3) { System.out.println("Success"); } else { System.out.println("Failure: only " + matchCount + " matches"); } } }

I only added a few special characters to the 4th pattern... You'll have to modify it for your needs. You may need to escape certain characters with a backslash. You may also want to add other constraints like checking for no spaces. I'll leave that up to you.

Improve this answer

3 Comments

Regarding the special characters to the 4th pattern. You don't need to escape any of them according to the regex rules (and java for that matter). They only thing to watch out for is that you don't put the ^ first since that would negate the character class.
Thanks. I know that none of those need escape chars. Not sure about whatever characters the OP ends up adding. Didn't feel like testing all possibilities...
@jahroy i really appreciate your help.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.