Regex for Password: “Atleast 1 letter, 1 number, 1 special character and SHOULD NOT start with a special character”

12
votes

I need a regular expression for a password field.

The requirement is:

  1. The password Must be 8 to 20 characters in length

  2. Must contain at least one letter and one number and a special character from !@#$%^&*()_+.

  3. Should not start with a special character

I have tried

^(?=.*[a-zA-Z])(?=.*\d)(?=.*[!@#$%^&*()_+])[A-Za-z\d!@#$%^&*()_+]{8,20}

It works but how do you restrict special characters from beginning the password? Also if you have a more efficient regex than the one mentioned above please suggest.

Thank you

1
javascriptregexasp.net-mvc
I wouldn't do that with a regex (don't think it's even possible). I would search throug the string char by char and have my counters.Ch33f
You shouldn't do this - this is bad security practice. xkcd.com/936Chris Moschini

1 Answers

14
votes

Its simple, just add one more character class at the begining

^(?=.*[a-zA-Z])(?=.*\d)(?=.*[!@#$%^&*()_+])[A-Za-z\d][A-Za-z\d!@#$%^&*()_+]{7,19}$

  • [A-Za-z\d] Ensures that the first character is an alphabet or digit.

  • [A-Za-z\d!@#$%^&*()_+]{7,19} will match minimum 7 maximum 19 character. This is required as he presceding character class would consume a single character making the total number of characters in the string as minimum 8 and maximum 20.

  • $ Anchors the regex at the end of the string. Ensures that there is nothing following our valid password

Regex Demo

var pattern = new RegExp(/^(?=.*[a-zA-Z])(?=.*\d)(?=.*[!@#$%^&*()_+])[A-Za-z\d][A-Za-z\d!@#$%^&*()_+]{7,19}$/);

console.log(pattern.test("!@#123asdf!@#"));

console.log(pattern.test("123asdf!@#"));

console.log(pattern.test("12as#"));