DEV Community

Cover image for Write Regex Pattern for Password Validation Like a Pro
Rasaf Ibrahim
Rasaf Ibrahim

Posted on • Updated on

Write Regex Pattern for Password Validation Like a Pro

✅The following 4 regex patterns can help you to write almost any password validation

 

 

Pattern 1:

 

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one special character, no space, and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*\W)(?!.* ).{8,16}$/
Enter fullscreen mode Exit fullscreen mode

 

Explanation:

 

  • (?=.*[0-9]) means that the password must contain a single digit from 1 to 9.

 

  • (?=.*[a-z]) means that the password must contain one lowercase letter.

 

  • (?=.*[A-Z]) means that the password must contain one uppercase letter.

 

  • (?=.*\W) means that the password must contain one special character.

 

  • .{8,16} means that the password must be 8-16 characters long. We must use this at the end of the regex, just before the $ symbol.

 

What are ^ and $:

 

^ indicates the beginning of the string. $ indicates the end of the string.

If we don't use these ^ & $, the regex will not be able to determine the maximum length of the password. In the above example, we have a condition that the password can't be longer than 16 characters, to make that condition work, we have used these ^ & $

 

Remove maximum length restriction:

 

  • Instead of .{8,16}, if we used .{8,}, it would mean that the password must be at least 8 characters long. So, there will not be any condition for checking the maximum length of the password.

 

Don't accept any number(digit):

 

  • Instead of (?=.*[0-9]), if we used (?!.*[0-9]), it would mean that the password must not contain any digit from 1-9 (Difference with the (?=.*[0-9]) is the use of ! instead of =)

 

Don't accept any spcecial character:

 

  • Instead of (?=.*\W), if we used (?!.*\W), it would mean that the password must not contain any special characters (The difference with the (?=.*\W) is the use of ! instead of =)

 

Alternative Syntax for number(digit):

 

  • Instead of (?=.*[0-9]), we could have used (?=.*\d). (?=.*\d) also means that the password must contain a single digit from 1 to 9.

 

 

Pattern 2:

 

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore but no other special character, no space and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.*\W)(?!.* ).{8,16}$/

Enter fullscreen mode Exit fullscreen mode

 

Difference with the Pattern 1

 

  • Here, we have used (?=.*_) which wasn't on the Pattern 1.

 

  • (?=.*_)(?!.*\W) means that the password must contain an underscore but can not contain any other special character.

 

Pattern 3:

 

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore, no space and it must be 8-16 characters long. Usage of any other special character other than underscore is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.* ).{8,16}$/
Enter fullscreen mode Exit fullscreen mode

 

Difference with the Pattern 2

 

  • Here, we have not used (?!.*\W) what was on the Pattern 2.

 

  • But it still has the (?=.*_)

 

  • By just removing the (?!.*\W), special characters have become optional. Now, one underscore is required but any other special character can be used or not as it's optional.

 

Pattern 4:

 

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, and one underscore, and it must be 8-16 characters long. Usage of any other special character and usage of space is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,16}$/
Enter fullscreen mode Exit fullscreen mode

 

Difference with the Pattern 3

 

  • Here, we have not used (?=.*_) & (?!.* ) which was on the Pattern 3.

 

  • By removing (?=.*_), it's no longer mandatory to pass one underscore. Now, passing special characters is optional.

 

  • By removing the (?!.* ), usage of space has become optional too.

 

That's it. 😃 Thanks for Reading.🎉

Discussion (7)

Collapse
katafrakt profile image
Paweł Świątkowski

In Pattern 1:

(?!.*[0-9]) means that the password must contain a single digit from 1 to 9.

Actually, it means it must not contain a digit ;) - I guess it's a typo in the regex part, because full regex correctly contains (?=.*[0-9])

Collapse
rasaf_ibrahim profile image
Rasaf Ibrahim Author

Thanks for mentioning. 🎉 I've corrected it.

Collapse
khokon profile image
Khokon M. • Edited on

If there was no stackoverflow, I wouldn't have any relationship with Regex :D
By the way, Great article <3

Collapse
kaylumah profile image
Max Hamulyák

Nice overview of the different patterns. One tiny comment on it would be not requiring a max length on passwords.

Collapse
rasaf_ibrahim profile image
Rasaf Ibrahim Author

Maybe the code for not requiring maximum length of the password wasn't explicitly noticeable as it didn't have any title. So, I have modified and added a title so that it becomes more noticeable.

Collapse
kaylumah profile image
Max Hamulyák

Ah indeed missed that part, js more clear now

Collapse
talenttinaapi profile image
talent

The power of Regex!!