Published on

# Regex for Password validation

A password is a string of characters that is used to authenticate a user's identity and grant access to a particular system or service. Passwords are commonly used to protect personal information, financial accounts, and other sensitive data, and are typically chosen by the user and kept secret. To access a system or service that requires a password, a user must typically enter the correct password. This process is known as logging in or authenticating. Passwords are an important security measure, as they help to prevent unauthorized access to sensitive information and protect against cyber threats such as hacking and identity theft. In this article let's understand how we can create a regex for password strength and how regex can be matched for a strong password.

Regex (short for regular expression) is a powerful tool used for searching and manipulating text. It is composed of a sequence of characters that define a search pattern. Regex can be used to find patterns in large amounts of text, validate user input, and manipulate strings. It is widely used in programming languages, text editors, and command line tools.

# Structure of Strong Password

• It should have atleast 8 characters
• It should have atleast 1 number
• It should have atleast 1 alphabet
• It should have atleast 1 special character

# Regex for checking if password strength is high

Regular Expression-

Containing minimum 8 characters, with at least 1 letter and 1 number-

/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/gm  Containing minimum 8 characters, with at least 1 letter, 1 number and 1 special character- /^(?=.*[A-Za-z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!%*#?&]{8,}$/gm


Containing minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/gm  Containing minimum 8 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character- /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$#!%*?&])[A-Za-z\d@$#!%*?&]{8,}$/gm


Containing minimum 8 characters and maximum 16 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character-

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%#*?&])[A-Za-z\d@$#!%*?&]{8,16}$/gm  Test string examples for the above regex- Input StringMatch Output abcabcabcdoes not match Xyz567#@11matches 34212does not match jdfsvkmlcsc12#matches Here is a detailed explanation of the above regex- /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%#*?&])[A-Za-z\d@$#!%*?&]{8,16}$/gm

Positive Lookahead (?=.*[A-Za-z])
Assert that the Regex below matches
. matches any character (except for line terminators)
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
Match a single character present in the list below [A-Za-z]
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
Positive Lookahead (?=.*\d)
Assert that the Regex below matches
. matches any character (except for line terminators)
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
\d matches a digit (equivalent to [0-9])
Positive Lookahead (?=.*[@$#!%*?&]) Assert that the Regex below matches . matches any character (except for line terminators) * matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy) Match a single character present in the list below [@$#!%*?&]
@$#!%*?& matches a single character in the list @$#!%*?& (case sensitive)
Match a single character present in the list below [A-Za-z\d@#$!%*?&] {8,} matches the previous token between 8 and unlimited times, as many times as possible, giving back as needed (greedy) A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive) a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive) \d matches a digit (equivalent to [0-9]) @#$!%*?& matches a single character in the list @#$!%*?& (case sensitive) Global pattern flags g modifier: global. All matches (don't return after first match) m modifier: multi line. Causes ^ and$ to match the begin/end of each line (not only begin/end of string)


Additionally, it is important to use a secure password hashing function to store passwords, rather than storing them in plain text.

Hope this article was useful to match valid password regex pattern.