A regex is a poor tool for password validation - it's a text processor not a semantic analysis tool.
If you want to count items, then use multiple regexes:
[A-Za-Z]
\d
[!"£$%^&*()-_=+]
And use the
Regex.Matches[
^] method to return a MatchCollection for each. You can then use it's Count property to tell you how many there are: 0 is bad, non-zero in all of them is OK.
But ... enforcing password strength is normally a poor idea: it reduces security as it either encourages people to write it down, or to use the same password for all logins.
Why enforced password complexity is worse for security (and what to do about it)[
^]