I need to build a regex for a password requirement. The requirements are:
Password must be a minimum of 8 characters and contain at least 3 out of 4 of the following:
- Upper case
- Lower case
- Number
- Special character
I don't know much about regex. I understand the concept, but I've never heard of a way to specifically only require 3 out of 4 of the parts you define. Below is what I have so far. I know that the ?
after each positive lookahead means that it allows 0 or 1 occurrence of the specified character class, but how do I require a minimum of 3 out of my 4 requirements?
^(?=(.*[A-Z])?)(?=(.*[a-z])?)(?=(.*\d)?)(?=(.*\W)?).{8,}$
Update: the other answer linked to this question (probably) achieves the same result, but the given answer here is much cleaner and more elegant. I would suggest opening this question back up so that future readers get a more modern solution.
Here is how you can do this in a single regex without repeating conditions and without using any lookahead:
RegEx Demo
RegEx Details:
^
:(?:
:[a-z]()
: Match an lowercase letter and an empty capture #1|
: OR\d()
: Match a digit and an empty capture #2|
: OR[A-Z]()
: Match an uppercase letter and an empty capture #3|
: OR[^\n\w]()
: Match a special letter and an empty capture #4){8,}
: End non-capture group. Repeat this group 8+ times(?:\1\2(?:\3|\4)|\3\4(?:\1|\2))
: In this non-capture group we are making sure that any 3 empty groups were matched earlier$
: End