Write Regex Pattern for Password Validation Like a Pro

✅The following 4 regex patterns can help you to write almost any password validation

Pattern 1:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one special character, no space, and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*\W)(?!.* ).{8,16}$/

Explanation:

• (?=.*[0-9]) means that the password must contain a single digit from 1 to 9.

• (?=.*[a-z]) means that the password must contain one lowercase letter.

• (?=.*[A-Z]) means that the password must contain one uppercase letter.

• (?=.*\W) means that the password must contain one special character.

• .{8,16} means that the password must be 8-16 characters long. We must use this at the end of the regex, just before the $ symbol.

What are ^ and $:

^ indicates the beginning of the string. $ indicates the end of the string.

If we don't use these ^ & $, the regex will not be able to determine the maximum length of the password. In the above example, we have a condition that the password can't be longer than 16 characters, to make that condition work, we have used these ^ & $

Remove maximum length restriction:

• Instead of .{8,16}, if we used .{8,}, it would mean that the password must be at least 8 characters long. So, there will not be any condition for checking the maximum length of the password.

Don't accept any number(digit):

• Instead of (?=.*[0-9]), if we used (?!.*[0-9]), it would mean that the password must not contain any digit from 1-9 (Difference with the (?=.*[0-9]) is the use of ! instead of =)

Don't accept any spcecial character:

• Instead of (?=.*\W), if we used (?!.*\W), it would mean that the password must not contain any special characters (The difference with the (?=.*\W) is the use of ! instead of =)

Alternative Syntax for number(digit):

• Instead of (?=.*[0-9]), we could have used (?=.*\d). (?=.*\d) also means that the password must contain a single digit from 1 to 9.

Pattern 2:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore but no other special character, no space and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.*\W)(?!.* ).{8,16}$/

Difference with the Pattern 1

• Here, we have used (?=.*_) which wasn't on the Pattern 1.

• (?=.*_)(?!.*\W) means that the password must contain an underscore but can not contain any other special character.

Pattern 3:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore, no space and it must be 8-16 characters long. Usage of any other special character other than underscore is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.* ).{8,16}$/

Difference with the Pattern 2

• Here, we have not used (?!.*\W) what was on the Pattern 2.

• But it still has the (?=.*_)

• By just removing the (?!.*\W), special characters have become optional. Now, one underscore is required but any other special character can be used or not as it's optional.

Pattern 4:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, and one underscore, and it must be 8-16 characters long. Usage of any other special character and usage of space is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,16}$/

Difference with the Pattern 3

• Here, we have not used (?=.*_) & (?!.* ) which was on the Pattern 3.

• By removing (?=.*_), it's no longer mandatory to pass one underscore. Now, passing special characters is optional.

• By removing the (?!.* ), usage of space has become optional too.

That's it. 😃 Thanks for Reading.🎉