Regex
regex
December 17, 20224 min read

Regex for Password validation

A password is a string of characters that is used to authenticate a user's identity and grant access to a particular system or service. Passwords are commonly used to protect personal information, financial accounts, and other sensitive data, and are typically chosen by the user and kept secret. To access a system or service that requires a password, a user must typically enter the correct password. This process is known as logging in or authenticating. Passwords are an important security measure, as they help to prevent unauthorized access to sensitive information and protect against cyber threats such as hacking and identity theft. In this article let's understand how we can create a regex for password strength and how regex can be matched for a strong password.

Regex (short for regular expression) is a powerful tool used for searching and manipulating text. It is composed of a sequence of characters that define a search pattern. Regex can be used to find patterns in large amounts of text, validate user input, and manipulate strings. It is widely used in programming languages, text editors, and command line tools.

Structure of Strong Password

  • It should have atleast 8 characters
  • It should have atleast 1 number
  • It should have atleast 1 alphabet
  • It should have atleast 1 special character

Regex for checking if password strength is high

Regular Expression-

Containing minimum 8 characters, with at least 1 letter and 1 number-

/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/gm

Containing minimum 8 characters, with at least 1 letter, 1 number and 1 special character-

/^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$/gm

Containing minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/gm

Containing minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$#!%*?&])[A-Za-z\d@$#!%*?&]{8,}$/gm

Containing minimum 8 characters and maximum 16 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%#*?&])[A-Za-z\d@$#!%*?&]{8,16}$/gm

Test string examples for the above regex-

Input StringMatch Output
abcabcabcdoes not match
Xyz567#@11matches
34212does not match
jdfsvkmlcsc12#matches

Here is a detailed explanation of the above regex-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%#*?&])[A-Za-z\d@$#!%*?&]{8,16}$/gm

Positive Lookahead (?=.*[A-Za-z])
Assert that the Regex below matches
. matches any character (except for line terminators)
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
Match a single character present in the list below [A-Za-z]
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
Positive Lookahead (?=.*\d)
Assert that the Regex below matches
. matches any character (except for line terminators)
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
\d matches a digit (equivalent to [0-9])
Positive Lookahead (?=.*[@$#!%*?&])
Assert that the Regex below matches
. matches any character (except for line terminators)
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
Match a single character present in the list below [@$#!%*?&]
@$#!%*?& matches a single character in the list @$#!%*?& (case sensitive)
Match a single character present in the list below [A-Za-z\d@#$!%*?&]
{8,} matches the previous token between 8 and unlimited times, as many times as possible, giving back as needed (greedy)
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
\d matches a digit (equivalent to [0-9])
@#$!%*?& matches a single character in the list @#$!%*?& (case sensitive)
Global pattern flags
g modifier: global. All matches (don't return after first match)
m modifier: multi line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)

Additionally, it is important to use a secure password hashing function to store passwords, rather than storing them in plain text.

Hope this article was useful to match valid password regex pattern.

Share this blog
Tagged in :
regex
Like what you read?
Subscribe to our Newsletter
Subscribe to our email newsletter and unlock access to members-only content and exclusive updates.
About the Author
Satvik
Satvik
Entrepreneur
Satvik is a passionate developer turned Entrepreneur. He is fascinated by JavaScript, Operating System, Deep Learning, AR/VR. He has published several research papers and applied for patents in the field as well. Satvik is a speaker in conferences, meetups talking about Artificial Intelligence, JavaScript and related subjects. His goal is to solve complex problems that people face with automation. Related projects can be seen at - [Projects](/projects)
View all articles
Previous Article
Next Article
December 1, 20223 min read