0

I am using the below regex in JavaScript for password policy check:

^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@#$_])(?=.*[\d\W]).*$

I tried the above regex using online regex checker http://www.nvcc.edu/home/drodgers/ceu/resources/test_regexp.asp

Test cases passed as expected, negative test cases failed. But same regex when deployed in application does not validate properly.

For eg: Tracker@123 does not work, where tRacker@123 works Asd56544#12 also works fine.

Can you please point out what's wrong in regex above?

Improve this question
3
  • um, all 3 of your test cases pass for me (as they should). Can you post your code that says it's failing? Commented May 11, 2011 at 7:50
  • It seems to work, maybe the problem is in the way you use it Commented May 11, 2011 at 7:55
  • what's the point in the leading .* or the last group (?=.*[\d\W])? (not that it's your problem) Commented May 11, 2011 at 7:55

2 Answers 2

Reset to default
1

My advice is to separate this regex into several simple regex'es. You may assign rules for your password, and for every rule you can assign a regex.

For example

  1. Rule №1. Minimal length of password = 8 characters (can be done without regex)
  2. Rule №2. At least one digit is required. ( /[0-9]/ )
  3. Rule №3. At least one letter is required ( /[a-z]/i)
  4. Rule №4. Illegal characters for password ( regex for some characters you don't want users to use in passwords)
  5. Rule №n - some little regex

(and so on)

With this approach, it will be more easier to manage your validation in sooner time. For example after a year, you'll have to change your password policy. You'll forget what your big regex is meaning (and will spend a lot of time changing that big regex, or doing a new one). But with little separates regexes (meaning rules) you easily configure your password policy

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks all for your hints and responses. I removed the last part (?=.*[\d\W]) and things started working fine. Why is that i should not sepcify \d or \W ?
2 user632323: What did you want to do by adding (?=.*[\d\W]) ? It means "any symbols before a digit or not a word"
0

Are you sure you syntax is correct?

Have a look at this JSfiddle, in it all the test cases pass

http://jsfiddle.net/pCLpX/

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.