Password Strength (8+ chars, mixed case, number, special)
Validate password strength requiring min length, uppercase, lowercase, digit, and special character.
What Is This?
This regex pattern enforces strong password requirements using positive lookaheads. It checks for: at least 8 characters total, at least one lowercase letter, at least one uppercase letter, at least one digit, and at least one special character. The lookahead assertions ensure all conditions are met without consuming characters.
How to Use
The Pattern
The pattern uses five lookahead assertions: (?=.*[a-z]) checks for lowercase, (?=.*[A-Z]) for uppercase, (?=.*\d) for a digit, (?=.*[!@#$%...]) for a special character. The .{8,} at the end ensures minimum length. Customize the special character set as needed.
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-={}\[\]|:;"'<>,.?\/~`]).{8,}$/Examples
Strong passwords
Matches: Password1! Str0ng!Pass MyP@ssw0rd C0mpl3x!# Does not match: weak onlyletters NoSpecial1 Short1!
Edge cases
Matches: aB1!defghijk !1Abcdefgh Abcd!5efgh Does not match: ABCDEFGH1! abcdefgh1! Abcdefgh1 !@#$%^&*()Aa1
Frequently Asked Questions
Is this password policy secure enough?
This meets basic security requirements but modern NIST guidelines recommend: minimum 8 characters (preferably 12+), no composition rules, and focus on length over complexity. Consider using a password strength estimator (like zxcvbn) instead of regex rules.
How can I customize the allowed special characters?
Edit the character class [...] to include or exclude specific characters. For example, to only allow !@#$% as special characters, change the class to [!@#$%]. Be careful to escape regex metacharacters inside the class.