5

I'm new to regex.
I need to validate passwords using PHP with the following password policy using regex:

Passwords:

  1. Must have minimum 8 characters
  2. Must have 2 numbers
  3. Symbols allowed are : ! @ # $ % *

I have tried the following: /^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]$/

8
  • 1
    Can you possibly post here the regexp you have tried and isn't working? Commented Aug 11, 2013 at 19:07
  • @NullPoiиteя Please read the question Null Commented Aug 11, 2013 at 19:10
  • Try regexlib.com Commented Aug 11, 2013 at 19:13
  • 2
    The Symbols allowed are : ! @ # $ % * part bothers me. Why are you only allowing certain symbols? You should allow the entire character set since you're passing the password off to a library like bcrypt anyways which will produce a hash. You ARE hashing your passwords, right? Commented Aug 11, 2013 at 19:13
  • 1
    Previous questions with quite similar content are e.g. stackoverflow.com/questions/1615078/… and stackoverflow.com/questions/7245267/… ... Note also the many "for the love of $dmr, don't do that" comments. Commented Aug 11, 2013 at 19:14

5 Answers

9

The following matches exactly your requirements: ^(?=.*\d.*\d)[0-9A-Za-z!@#$%*]{8,}$

Online demo <<< You don't need the modifiers, they are just there for testing purposes.

Explanation

  • ^ : match beginning of string
  • (?=.*\d.*\d) : positive lookahead, check if there are 2 digits
  • [0-9A-Za-z!@#$%*]{8,} : match digits, letters and !@#$%* 8 or more times
  • $ : match end of string

0

I would first try and find two numbers, using non-regex (or preg_match_all('/[0-9]/', ...) >= 2), then validating against:

^[!@#$%*a-zA-Z0-9]{8,}$

This should be faster and easier to understand. To do it using only regex, it sounds like you need lookahead, which basically scans the expression twice afaik, though I'm not sure of the PHP internals on that one.

Be prepared for a lot of complaints about passwords not being accepted. I personally have a large subset of passwords that wouldn't validate against those restrictions. Also nonsensical passwords like 12345678 would validate, or even 11111111, but not f4#f@faASvCXZr$%%zcorrecthorsebatterystaple.


0

Full Strong Password Validation With PHP

  • Min 8 chars long
  • Min One Digit
  • Min One Uppercase
  • Min One Lower Case
  • Min One Special Chars

/^(?=\S*[a-z])(?=\S*[A-Z])(?=\S*\d)(?=\S*\W)\S{8,}$/

Demo here


0

This will do the trick. Look ahead is nice for this...

//Matches alphanumeric or specified special characters and requires at least 2 digits

/^(?=.*\d.*\d)[0-9A-Za-z!@#$%]{4,20}$/

BONUS requires one of each: uppercase, lowercase, digit, and specified special characters

 /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d.*\d)(?=.*[!@#$%])[0-9A-Za-z!@#$%]{4,20}$/

EXPLAINED in pieces below

Look ahead/require for a lower case:

(?=.*[a-z])

Look ahead/require an uppercase:

(?=.*[A-Z])

Look ahead/require two digits:

(?=.*\d.*\d)

Look ahead/require only specified special chars:

(?=.*[!@#$%])

Entire password must contain a minimum of 4 and maximum of 20 only alpha numeric and specified special chars:

[0-9A-Za-z!@#$%]{4,20}


-1
// Anchor with ^ and $ so the whole password must consist of allowed characters
if(preg_match('/^[!@#$%*a-zA-Z0-9]{8,}$/',$password) && preg_match_all('/[0-9]/',$password) >= 2)
{
    // do
}
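
The policy from the question, as an added example that is not part of any answer above: the single-lookahead pattern and the two-step check side by side, plus an unanchored variant to show why the anchors matter. Function names and sample passwords are constructed for illustration.

```php
<?php
// Added example: function names and sample passwords are constructed.
// Policy from the question: at least 8 characters, at least 2 digits,
// only letters, digits and ! @ # $ % * allowed.

function policy_single_regex(string $pw): bool
{
    // \A and \z anchor to the true start and end of the string; a plain $
    // without the D modifier would also accept one trailing newline.
    return preg_match('/\A(?=.*\d.*\d)[0-9A-Za-z!@#$%*]{8,}\z/', $pw) === 1;
}

function policy_two_step(string $pw): bool
{
    // Same policy split in two: whitelist and length first, then count digits.
    return preg_match('/\A[0-9A-Za-z!@#$%*]{8,}\z/', $pw) === 1
        && preg_match_all('/[0-9]/', $pw) >= 2;
}

function policy_unanchored(string $pw): bool
{
    // Without anchors the character class only has to match somewhere,
    // so disallowed characters around an 8-character run slip through.
    return preg_match('/[0-9A-Za-z!@#$%*]{8,}/', $pw) === 1
        && preg_match_all('/[0-9]/', $pw) >= 2;
}

// Constructed sample passwords mapped to the verdict the policy should give.
$samples = [
    'abcdef12'     => true,   // meets the policy
    'abc12'        => false,  // too short
    'abcdefgh1'    => false,  // only one digit
    'abcdef12 <b>' => false,  // space and angle brackets are not allowed
    "abcdef12\n"   => false,  // trailing newline is not an allowed character
    '12345678'     => true,   // weak, but the stated policy accepts it
];

foreach ($samples as $pw => $expected) {
    $pw = (string) $pw; // numeric-looking array keys come back as integers
    printf(
        "%-18s policy=%-5s single=%-5s two_step=%-5s unanchored=%s\n",
        json_encode($pw),
        var_export($expected, true),
        var_export(policy_single_regex($pw), true),
        var_export(policy_two_step($pw), true),
        var_export(policy_unanchored($pw), true)
    );
}
```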
