Password REGEX with min 6 chars, at least one letter and one number and may contain special characters

26
votes

I need a regular expression with condition:

  • min 6 characters, max 50 characters
  • must contain 1 letter
  • must contain 1 number
  • may contain special characters like !@#$%^&*()_+

Currently I have pattern: (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{6,50})$

However it doesn't allow special characters, does anybody have a good regex for that?

Thanks

7
javascriptasp.netregex
special characters like [!@#$%^&*()_+]- what do you not allow?kennebec

7 Answers

68
votes

Perhaps a single regex could be used, but that makes it hard to give the user feedback for which rule they aren't following. A more traditional approach like this gives you feedback that you can use in the UI to tell the user what pwd rule is not being met:

function checkPwd(str) {
    if (str.length < 6) {
        return("too_short");
    } else if (str.length > 50) {
        return("too_long");
    } else if (str.search(/\d/) == -1) {
        return("no_num");
    } else if (str.search(/[a-zA-Z]/) == -1) {
        return("no_letter");
    } else if (str.search(/[^a-zA-Z0-9\!\@\#\$\%\^\&\*\(\)\_\+]/) != -1) {
        return("bad_char");
    }
    return("ok");
}
17
votes

following jfriend00 answer i wrote this fiddle to test his solution with some little changes to make it more visual:

http://jsfiddle.net/9RB49/1/

and this is the code:

checkPwd = function() {
    var str = document.getElementById('pass').value;
    if (str.length < 6) {
        alert("too_short");
        return("too_short");
    } else if (str.length > 50) {
        alert("too_long");
        return("too_long");
    } else if (str.search(/\d/) == -1) {
        alert("no_num");
        return("no_num");
    } else if (str.search(/[a-zA-Z]/) == -1) {
        alert("no_letter");
        return("no_letter");
    } else if (str.search(/[^a-zA-Z0-9\!\@\#\$\%\^\&\*\(\)\_\+\.\,\;\:]/) != -1) {
        alert("bad_char");
        return("bad_char");
    }
    alert("oukey!!");
    return("ok");
}

btw, its working like a charm! ;)

best regards and thanks to jfriend00 of course!

3
votes

A more elegant and self-contained regex to match these (common) password requirements is:

^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d^a-zA-Z0-9].{5,50}$

The elegant touch here is that you don't have to hard-code symbols such as $ @ # etc.

To accept all the symbols, you are simply saying: "accept also all the not alphanumeric characters and not numbers".

Min and Max number of characters requirement

The final part of the regex {5,50} is the min and max number of characters, if the password is less than 6 or more than 50 characters entered the regex returns a non match.

1
votes

I have a regex, but it's a bit tricky.

^(?:(?<Numbers>[0-9]{1})|(?<Alpha>[a-zA-Z]{1})|(?<Special>[^a-zA-Z0-9]{1})){6,50}$

Let me explain it and how to check if the tested password is correct:

There are three named groups in the regex. 1) "Numbers": will match a single number in the string. 2) "Alpha": will match a single character from "a" to "z" or "A" to "Z" 3) "Special": will match a single character not being "Alpha" or "Numbers"

Those three named groups are grouped in an alternative group, and {6,50} advises regex machine to capture at least 6 of those groups mentiond above, but not more than 50.

To ensure a correct password is entered you have to check if there is a match, and after that, if the matched groups are capture as much as you desired. I'm a C# developer and don't know, how it works in javascript, but in C# you would have to check:

match.Groups["Numbers"].Captures.Count > 1

Hopefully it works the same in javascript! Good luck!

1
votes

  1. Check a password between 7 to 16 characters which contain only characters, numeric digits, underscore and first character must be a letter-

    /^[A-Za-z]\w{7,14}$/

  2. Check a password between 6 to 20 characters which contain at least one numeric digit, one uppercase, and one lowercase letter

    /^(?=.\d)(?=.[a-z])(?=.*[A-Z]).{6,20}$/

  3. Check a password between 7 to 15 characters which contain at least one numeric digit and a special character

    /^(?=.[0-9])(?=.[!@#$%^&])[a-zA-Z0-9!@#$%^&]{7,15}$/

  4. Check a password between 8 to 15 characters which contain at least one lowercase letter, one uppercase letter, one numeric digit, and one special character

    /^(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[^a-zA-Z0-9])(?!.*\s).{8,15}$/

articleregexr.com
1
votes

I use this

export const validatePassword = password => {
  const re = /^(?=.*[A-Za-z])(?=.*\d)[a-zA-Z0-9!@#$%^&*()~¥=_+}{":;'?/>.<,`\-\|\[\]]{6,50}$/
  return re.test(password)
}
0
votes

DEMO https://jsfiddle.net/ssuryar/bjuhkt09/

Onkeypress the function triggerred.

HTML

<form>
<input type="text" name="testpwd" id="testpwd" class="form=control" onkeyup="checksPassword(this.value)"/>
<input type="submit" value="Submit" /><br />
<span class="error_message spassword_error" style="display: none;">Enter minimum 8 chars with atleast 1 number, lower, upper &amp; special(@#$%&!-_&amp;) char.</span>
</form>

Script

function checksPassword(password){
var pattern = /^.*(?=.{8,20})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%&!-_]).*$/;
if(!pattern.test(password)) {
$(".spassword_error").show();
}else
{
$(".spassword_error").hide();
}
}