✅The following 4 regex patterns can help you to write almost any password validation
Pattern 1:
Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one special character, no space, and it must be 8-16 characters long.
/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*\W)(?!.* ).{8,16}$/
Explanation:
-
(?=.*[0-9])means that the password must contain a single digit from 1 to 9.
-
(?=.*[a-z])means that the password must contain one lowercase letter.
-
(?=.*[A-Z])means that the password must contain one uppercase letter.
-
(?=.*\W)means that the password must contain one special character.
-
.{8,16}means that the password must be 8-16 characters long. We must use this at the end of the regex, just before the$symbol.
What are ^ and $:
^ indicates the beginning of the string. $ indicates the end of the string.
If we don't use these ^ & $, the regex will not be able to determine the maximum length of the password. In the above example, we have a condition that the password can't be longer than 16 characters, to make that condition work, we have used these ^ & $
Remove maximum length restriction:
- Instead of
.{8,16}, if we used.{8,}, it would mean that the password must be at least 8 characters long. So, there will not be any condition for checking the maximum length of the password.
Don't accept any number(digit):
- Instead of
(?=.*[0-9]), if we used(?!.*[0-9]), it would mean that the password must not contain any digit from 1-9 (Difference with the(?=.*[0-9])is the use of!instead of=)
Don't accept any spcecial character:
- Instead of
(?=.*\W), if we used(?!.*\W), it would mean that the password must not contain any special characters (The difference with the(?=.*\W)is the use of!instead of=)
Alternative Syntax for number(digit):
- Instead of
(?=.*[0-9]), we could have used(?=.*\d).(?=.*\d)also means that the password must contain a single digit from 1 to 9.
Pattern 2:
Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore but no other special character, no space and it must be 8-16 characters long.
/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.*\W)(?!.* ).{8,16}$/
Difference with the Pattern 1
- Here, we have used
(?=.*_)which wasn't on thePattern 1.
-
(?=.*_)(?!.*\W)means that the password must contain an underscore but can not contain any other special character.
Pattern 3:
Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore, no space and it must be 8-16 characters long. Usage of any other special character other than underscore is optional.
/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.* ).{8,16}$/
Difference with the Pattern 2
- Here, we have not used
(?!.*\W)what was on thePattern 2.
- But it still has the
(?=.*_)
- By just removing the
(?!.*\W), special characters have become optional. Now, one underscore is required but any other special character can be used or not as it's optional.
Pattern 4:
Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, and one underscore, and it must be 8-16 characters long. Usage of any other special character and usage of space is optional.
/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,16}$/
Difference with the Pattern 3
- Here, we have not used
(?=.*_)&(?!.* )which was on thePattern 3.
- By removing
(?=.*_), it's no longer mandatory to pass one underscore. Now, passing special characters is optional.
- By removing the
(?!.* ), usage of space has become optional too.
That's it. 😃 Thanks for Reading.🎉
Top comments (7)
In Pattern 1:
Actually, it means it must not contain a digit ;) - I guess it's a typo in the regex part, because full regex correctly contains
(?=.*[0-9])Thanks for mentioning. 🎉 I've corrected it.
If there was no stackoverflow, I wouldn't have any relationship with Regex :D
By the way, Great article <3
Nice overview of the different patterns. One tiny comment on it would be not requiring a max length on passwords.
Maybe the code for not requiring maximum length of the password wasn't explicitly noticeable as it didn't have any title. So, I have modified and added a title so that it becomes more noticeable.
Ah indeed missed that part, js more clear now
The power of Regex!!