0

These are the set of criteria that I need to fulfill:

  • At least 1 letter between lowercase [a - z] -> 25% 

  • At least 1 letter between uppercase [A - Z] -> 25% 

  • At least 1 number between [ 0 - 9 ] -> 25% 

  • At least 1 character from [ $@#&! ] -> 25% 

  • Minimum length of password is 6 and maximum length of password is 12

This is the pattern I used to try to fulfil these criteria.

I've not yet grasped how regular expressions work.

I've also not figured how to set a pattern to check for the fourth criteria [$@#&!]. 

   <input type="password" name="password" placeholder="enter your password" 
`pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[$@#&!]).{6,12}"required>

So I would need some assistance with this.

user20490
  • 133
  • 1
  • 6
  • 3
    [Don't enforce a maximum password length.](https://stackoverflow.com/questions/98768/should-i-impose-a-maximum-length-on-passwords) – Welbog May 28 '18 at 19:56
  • @Welbog ok I could use JavaScript to achieve that instead right. I've already sorted out this challenge in JavaScript. But I want to understand how to achieve this using the pattern attribute in HTML 5. – user20490 May 28 '18 at 19:58
  • Did you try adding `(?=.*[$@#&!])` to your list of look-aheads? – Welbog May 28 '18 at 20:01
  • @Welbog I've added it now. The problem is that I read that the * indicates 0 or more instead of 1 or more. So if I replace it with + through out the regex would that be more accurate? – user20490 May 28 '18 at 20:08
  • The `pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[$@#&!]).{6,12}"` pattern is the one you should use as per your requirements. What answer do you expect if you have the answer in the question? – Wiktor Stribiżew May 28 '18 at 20:27
  • @WiktorStribiżew I read in one of the answers on this site that the .{6,12} is wrong because it indicates "between 6 to 12 times" as opposed to min 6 and max 12 – user20490 May 28 '18 at 20:29
  • You quantified `.`, so `.{6,12}` matches any char other than a line break char 6, 7, 8, 9, 10, 11 or 12 times. See [**your regex demo with explanation**](https://regex101.com/r/ll4hAx/1). – Wiktor Stribiżew May 28 '18 at 20:30
  • Why are we still discussing the "max password length"? Don't do that. It's **bad** for security, and user friendliness. – Tom Lord May 28 '18 at 20:43
  • @HemanthGowda This is why I asked the question because I keep getting different answers. Wictor told me that I already had the answer to the question. I was hoping that he would at least explain how the (*) qualifies as "at least 1" instead of "0 or more which it actually means". – user20490 May 28 '18 at 20:44
  • (?=.*[A-Z])(?=.*[a-z])(?=.*[@#!*])(?=^.{6,7}$)(?=.*[0-9]) I tested this.. Works. I can explain if you specify what you're confused about exactly. The comment thread is a bit messy. – Hemanth Gowda May 28 '18 at 20:51
  • @HemanthGowda first the * means 0 or more not one or more. Secondly the ^ is negation or so I read. How does ^{6,7} achieve the range specified in the question. – user20490 May 28 '18 at 21:13
  • @HemanthGowda Thanks for offering to explain. I need that badly. – user20490 May 28 '18 at 21:14
  • Lets get one thing clear, ^ inside "[]" means a not, if its outside that, it means beginning of string. so ^.{6,7}$ means the whole string can contain 6-7 characters(Any kind cuz ".") – Hemanth Gowda May 29 '18 at 01:53
  • Yes, the * means zero or more. but in this scenario, we are using it to do a variable look ahead. Say (?=.*[a-z]), the .* here ensures that a "111a" matches and also a "a" matches. In "111a" the ".*" consumed the 111 and in the "a" case, .* matched for zero occurrence. – Hemanth Gowda May 29 '18 at 01:54

1 Answers1

1

Use regex pattern:

^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[$@#&!]).{6,12}$

Note: Depends on the syntax and/or programming language you use, some of the special characters may need to be escaped by \ prefix.

Ωmega
  • 37,727
  • 29
  • 115
  • 183