Regex expression for password complexity

Question

0.00/5 (No votes)

See more:

I want the Regular Expression for Password Complexity

The password must then contain characters of the following rules:

1- At least one Upper case letter
2- At least Lower case
3- At least one Numbers
4- Disallow the consecutive digits like 1234, 4567, etc.
5- Disallow the consecutive alphabets like abcd, ijkl, etc.

What I have tried:

^(?:(?=.*[a-z])(?:(?=.*[A-Z])(?=.*[\d\W])|(?=.*\W)(?=.*\d))|(?=.*\W)(?=.*[A-Z])(?=.*\d)).{8,}$

Posted 30-Jun-22 1:45am

Member 11134333

Updated 30-Jun-22 1:59am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2022-06-30T01:59:00

Don't. It's a mess at best, and when the rules change - as they always do - the changes are a total PITA as the Regex is massively complex already - if you could implement each of your rules, which I don't think you can - "consecutive numbers" aren't something regular expressions have any concept of.

Remember that Regexes are text matching engines: they don't have any processing power to speak of. Instead, use multiple Regexes to count how many of each type is found, and use those numbers to decide if it's valid or not. That way, when the rules change or a problem is found in your checking, it's simple to implement or fix.

And read this: The Myth of Complex Passwords - Nisos[^]