All geek questions in one place

Regex for password requirements

I want to require the following:

  • More than seven characters.
  • Contains at least two digits.
  • Contains at least two special (non-alphanumeric) characters.

... and I came up with this to do this:

(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Now I would also like to make sure that two consecutive characters do not match. I have damn time to get this to work. Here is what I got that works on its own:

 (\S)\1+

... but if I try to combine the two, it will not work.

I work within the limits of the application. This default requirement is 1 character length, non-regular expression, and non-standard characters.

Anyway...

Using this test harness , I would expect y90e5 $ to match, but y90e5 $ $ to not.

What am I missing?

+3
source share
4 answers

Sometimes we cannot influence the specifications and have to write the implementation independently, that is, when some old backoffice system needs to be paired over the Internet, but has certain input restrictions, or simply because your boss asks you to.

EDIT: removed the regular expression based on the original regular expression for the crawler.

the source code has been changed to fit your description as it does not seem to really work:
EDIT: q. has been updated to reflect another version. The following differences exist:

My version: two or more \W and \d can repeat each other, but cannot appear next to each other (this was my wrong assumption), I fixed it to a length> 7, which is a little more efficient to place as a typical expression " capture everything. "

  ^(?!.*((\S)\1|\s))(?=.*(\d.+){2,})(?=.*(\W.+){2,}).{8,}

The new version in the original question: two or more \W and \d allowed to appear next to each other. This version currently supports lengths> = 6, not lengths> 7, as explained in the text.

The current answer, corrected, should be something like that which accepts updated q., My comments on length> 7 and optimization, then it looks like this: ^(?!.*((\S)\1|\s))(?=(.*\d){2,})(?=(.*\W){2,}).{8,} .

Update: your source code does not work, so I changed it a bit. Update: updated answer to reflect changes in the question, spaces are no longer allowed

+6
source

This is a bad place for regular expression. You better use a simple check.

+11
source

This may not be the most effective, but it seems to work.

 ^(?!.*(\S)\1)(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Test strings:

  • ad2f # we1 $ // match valid.
  • adfwwe12 # $ // There is no match for ww repetition.
  • y90e5 $$ // There is no match for the repetition of $$.
  • y90e5 $ // No match too short and only 1 \ W class.

One comment pointed out that the above regular expression allows you to use spaces that are not commonly used for password fields. Although this is not a requirement for the original post, as indicated, a simple change will also prohibit spaces.

 ^(?!.*(\S)\1|.*\s)(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Your regex engine can analyze (?!.*(\S)\1|.*\s) differently. Just keep up to date and adjust accordingly.

All previous test results are the same.
String with spaces:

  • ad2f # we1 $ // There is no matching space in the string.
+1
source

If the rule were that the passwords should be two digits followed by three letters or some of them, or the regular expression course would work very nicely. But I do not think that regular expressions are really intended for such a rule that you actually have. Even if you earn it, it will be rather mysterious for the poor sucker, who must support it later - perhaps you. I think it would be much simpler just to write a quick function that scrolls through the characters and counts how many in total and how many of each type. Then at the end check the quantity.

Just because you know how to use regular expressions does not mean that you should use them for everything. I have a cool cordless drill, but I do not use it for nails.

0
source

Source: https://habr.com/ru/post/1496452/

More articles:


All Articles