13

I have been searching for a regular expression which accepts at least two digits and one special character, where the minimum password length is 8. So far I have done the following: [0-9a-zA-Z!@#$%0-9]*[!@#$%0-9]+[0-9a-zA-Z!@#$%0-9]*

1

6 Answers

33

Something like this should do the trick.

    ^(?=(.*\d){2})(?=.*[a-zA-Z])(?=.*[!@#$%])[0-9a-zA-Z!@#$%]{8,}

    (?=(.*\d){2}) - uses lookahead (?=) and says the password must contain at least 2 digits
    (?=.*[a-zA-Z]) - uses lookahead and says the password must contain an alpha
    (?=.*[!@#$%]) - uses lookahead and says the password must contain 1 or more special characters which are defined
    [0-9a-zA-Z!@#$%] - dictates the allowed characters
    {8,} - says the password must be at least 8 characters long

It might need a little tweaking e.g. specifying exactly which special characters you need but it should do the trick.


2 Comments

This was very useful and detailed, and for others that come around here I will leave this guide that helped me customise your answer a little more.
In case you need grouping, like "at least combination of Alpha + Special", then something like that should help (((?=.*?[a-z])(?=.*?[!@#$%]))|...), where ... is another group
7

There is no reason, whatsoever, to implement all rules in a single regex. Consider doing it like this:

    import java.util.regex.Matcher;
    import java.util.regex.Pattern;

    Pattern[] pwdrules = new Pattern[] {
        Pattern.compile("........"),                   // at least 8 chars
        Pattern.compile("\\d.*\\d"),                   // 2 digits (backslashes doubled for the Java string)
        Pattern.compile("[-!\"§$%&/()=?+*~#'_:.,;]")   // 1 special char (inner quote escaped)
    };
    String password = ......;
    boolean passed = true;
    for (Pattern p : pwdrules) {
        Matcher m = p.matcher(password);
        if (m.find()) continue;                        // rule satisfied
        System.err.println("Rule " + p + " violated.");
        passed = false;
    }
    if (passed) { .. ok case.. } else { .. not ok case ... }

This has the added benefit that password rules can be added, removed or changed without effort. They can even reside in some resource file.

In addition, it is just more readable.

4 Comments

"There is no reason, whatsoever, to implement all rules in a single regex." How do you know that?
@drowa What would be a reason?
Imagine a CMS system that only accepts regular expressions for password field validation, and changing this CMS system is not an option.
@drowa All right. Then my remark is for people implementing such a system. They should make it so that a password validation rule is a set of alternatives, and each alternative is a conjunction of simple conditions (expressed by regular expressions) or negations thereof. It is, in particular, the conjunctions and negations that make regexes complicated, while alternatives are already built in. - In fact, the expectation that the verbal formulation of the company's PW policy could only be expressed in 1 sentence without the words "and" or "not" (or synonyms thereof) would be considered insane.
4

Try this regex. It uses lookahead to verify there are at least two digits and one of the special characters listed by you.

^(?=.*?[0-9].*?[0-9])(?=.*[!@#$%])[0-9a-zA-Z!@#$%0-9]{8,}$ 

EXPLANATION

    ^                          # Match start of line.
    (?=.*?[0-9].*?[0-9])       # Look ahead and see if you can find at least two digits. Expression will fail if not.
    (?=.*[!@#$%])              # Look ahead and see if you can find at least one of the characters in brackets []. Expression will fail if not.
    [0-9a-zA-Z!@#$%0-9]{8,}    # Match at least 8 of the characters inside brackets [] to be successful.
    $                          # Match end of line.

1 Comment

Looks like 0-9 is declared twice in your list of characters: [0-9a-zA-Z!@#$%0-9]
4

Try this one:

^(?=.*\d{2,})(?=.*[$-/:-?{-~!"^_`\[\]]{1,})(?=.*\w).{8,}$ 

Here's how it works, in short:

  • (?=.*\d{2,}) this part says to expect at least 2 digits
  • (?=.*[$-/:-?{-~!"^_`\[\]]{1,}) these are special characters, at least 1
  • (?=.*\w) and the rest are any letters (equal to [A-Za-z0-9_])
  • .{8,}$ this one says at least 8 characters including all previous rules.

Below is a map for the current regexp (made with the help of Regexper).

[Image: Regexp map]

UPD

Regexp should look like this:

^(?=(.*\d){2,})(?=.*[$-\/:-?{-~!"^_'\[\]]{1,})(?=.*\w).{8,}$

Check out comments for more details.

2 Comments

This will match 2 digits only if they are consecutive, which I don't think is the case with password.
@justhalf, yes, you're right. Part with digits should look like this (?=(.*\d){2,}). And regexp like this ^(?=(.*\d){2,})(?=.*[$-\/:-?{-~!"^_'\[\]]{1,})(?=.*\w).{8,}$. Thanks for a note.
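
The per-rule approach and the consecutive-digit pitfall discussed in the answers above, put side by side in Python. This is an added example, not code from any of the posts: it follows the question's rules (8+ characters, 2 digits, 1 special from !@#$%), and the rule names, function names and sample passwords are constructed for illustration.

```python
import re

ALLOWED = r"[0-9a-zA-Z!@#$%]"                     # allowed characters, as in the answers
TAIL = r"(?=.*[!@#$%])" + ALLOWED + r"{8,}"       # 1 special, then 8+ allowed characters

# Single-regex policy with the corrected digit lookahead: digits may be anywhere.
SINGLE = re.compile(r"(?=(?:.*[0-9]){2})" + TAIL)
# Same policy with the \d{2,}-style lookahead: requires two ADJACENT digits.
ADJACENT = re.compile(r"(?=.*[0-9]{2,})" + TAIL)
# ^...$ form used with match(): '$' also matches just before a trailing newline.
ANCHORED = re.compile(r"^" + SINGLE.pattern + r"$")

# One simple pattern per rule, each checked with search().
RULES = [
    ("at least 8 characters", re.compile(r".{8}", re.S)),
    ("at least 2 digits", re.compile(r"[0-9].*[0-9]", re.S)),
    ("at least 1 special character", re.compile(r"[!@#$%]")),
    ("only allowed characters", re.compile(r"\A" + ALLOWED + r"*\Z")),
]

def violations(password):
    """Names of the rules the password breaks (empty list = accepted)."""
    return [name for name, rx in RULES if not rx.search(password)]

def single_ok(password):
    # fullmatch() must consume the whole string, so nothing can trail the match.
    return SINGLE.fullmatch(password) is not None

def adjacent_ok(password):
    return ADJACENT.fullmatch(password) is not None

def anchored_ok(password):
    return ANCHORED.match(password) is not None

# Constructed sample passwords.
SAMPLES = ["a1b2c3d!", "abcd12!x", "abcdefg1!", "a1b2!", "a1b2c3d!\n"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(repr(pw), single_ok(pw), adjacent_ok(pw), anchored_ok(pw), violations(pw))
```

The last sample shows why the whole-string check matters: the `^...$` form with `match()` accepts a password carrying a trailing newline, while `fullmatch()` and the `\A...\Z` rule reject it.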
0

Regular expressions define a structure on the string you're trying to match. Unless you define a spatial structure on your regex (e.g. at least two digits followed by a special char, followed by ...) you cannot use a regex to validate your string.

Comments

-1

Try this : ^.*(?=.{8,15})(?=.*\d)(?=.*\d)[a-zA-Z0-9!@#$%]+$

Please read the link below for making a password regular expression policy:

Regex expression for password rules

Comments