Regex for Password validation in Javascript

Question

Regex Password complexity requires that any three of the following four characteristics must be applied when creating or changing a password.

• Alpha characters - at least 1 upper case alpha character
• Alpha characters - at least 1 lower case alpha character
• Numeric characters - at least 1 numeric character
• Special characters - at least 1 special character

I am trying with the following code, but its not working for special characters

(?=^.{6,}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*

I want my regex to be validated against the following 4 cases

Match cases

• P@ssword
• Password1
• p@ssword1
• p@12345

Answer 1

To match for special simply list down all the special characters there are in a lookahead. See code below.

const pattern1 = /(?=\D)/; // non-digit character match
const pattern2 = /(?=.*[~`!@#$%^&*()--+={}\[\]|\\:;"'<>,.?/_₹])/; // at least one special char exists

Alternatively, assumingly, as your regex pattern already search for digits and alphabets such as in pattern 3, the only things not matching is non-digits, which are your special characters. Hence you can find match for non-digits characters too! Like in pattern 4.

  const pattern3 =
    /^(?=.*\d)(?=.*[~`!@#$%^&*()--+={}\[\]|\\:;"'<>,.?/_₹])(?=.*[a-z])(?=.*[A-Z]).{5,10}$/;
  const pattern4 =
    /^(?=.*\d)(?=.*\D)(?=.*[a-z])(?=.*[A-Z]).{5,10}$/;

For detailed explanation of the syntax or lookahead, you may read up the article below.

https://medium.com/p/19fc2b2a299c

Answer 2

Non English UTF-8

None of the solutions given allow international letters, i.e. éÉöÖæÆáÁ, but mainly focus on the english ASCII alphabet.

The following regEx uses unicode, UTF-8, to recognise upper and lower case and thus, allow international characters:

// Match uppercase, lowercase, digit or #$!%*?& and make sure the length is 6 to 36 in length  
const pwdFilter = /^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|@#$!%*?&])[\p{L}\d@#$!%*?&]{6,36}$/gu

if (!pwdFilter.test(pwd)) {
    // Show error that password has to be adjusted to match criteria
}

The regEx:

/^(?=.*\p{Ll})(?=.*\p{Lu})(?=.*[\d|@#$!%*?&])[\p{L}\d@#$!%*?&]{6,36}$/gmu

checks if an uppercase, lowercase, digit or @#$!%*?& are used in the password. It also limits the length to be 6 minimum and maximum 36 (note that emojis, 😀🇺🇸🇪🇸🧑‍💻, count as more than one character in the length). The u in the end, is for using UTF-8.

Answer 3

var pattern = new RegExp(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]).{6,}$/);

    if(pattern.test(value)){
         return true;
    } else {
         return false;
    }

Its working fine with special character also.

Answer 4

I think you would need this for all special characters too : [updated to reject space]

    $(document).ready(function(){
    $('input').change(function(){
    var count = 0;
    var pass = $(this).val();
        count += /[a-z]/.test(pass) ? 1 : 0;
        count += /[A-Z]/.test(pass) ? 1 : 0;
        count += /\d/.test(pass) ? 1 : 0;
        count += /[^\w\d\s]/.test(pass) ? 1 : 0;
        (count>2 & !/[\s]+/.test(pass)) ? $(this).css('background-color','lime'):$(this).css('background-color','orange');
    });

});

and the fiddle : jsFiddle

Answer 5

Use this Regex :

(?=^.{6,10}$)(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[!@#$%^&*()_+}{":;'?/>.<,])(?!.\s).$**

Answer 6

I think that a regex you can use is:

(?=^.{6,}$)(?=.*[0-9])(?=.*[A-Z])(?=.*[a-z])(?=.*[^A-Za-z0-9]).*

I'm not sure why you have so many or operators in your regex but this one matches if:

• (?=^.{6,}$) - String is > 5 chars
• (?=.*[0-9]) - Contains a digit
• (?=.*[A-Z]) - Contains an uppercase letter
• (?=.*[a-z]) - Contains a lowercase letter
• (?=.*[^A-Za-z0-9]) - A character not being alphanumeric.

Answer 7

I think a single regex will be messy in this case. You can easily do something like

var count = 0;

count += /[a-z]/.test(password) ? 1 : 0;
count += /[A-Z]/.test(password) ? 1 : 0;
count += /\d/.test(password) ? 1 : 0;
count += /[@]/.test(password) ? 1 : 0;

if(count > 2) {
    alert('valid')
}