Looking for some help for validating password with the following rules:
8+ characters
contains at least 1 upper case letter
contains at least 1 lower case letter
contains at least 1 number
Cannot start with a number
contains no special characters
I had gotten as far as:
(?=.*\d.*)(?=.*[a-z].*)(?=.*[A-Z].*)(?=.*[!#\$%&\?].*).{8,}
but can't seem to figure out how to get the first digit to not match a digit, and set the special character class to not match as well. Any help would be greatly appreciated.
Looking for some help for validating password with the following rules:
8+ characters
contains at least 1 upper case letter
contains at least 1 lower case letter
contains at least 1 number
Cannot start with a number
contains no special characters
I had gotten as far as:
(?=.*\d.*)(?=.*[a-z].*)(?=.*[A-Z].*)(?=.*[!#\$%&\?].*).{8,}
but can't seem to figure out how to get the first digit to not match a digit, and set the special character class to not match as well. Any help would be greatly appreciated.
Share Improve this question edited Jun 7, 2013 at 13:54 haylem 22.7k3 gold badges69 silver badges96 bronze badges asked Jun 7, 2013 at 13:40 BrianBrian 2,3056 gold badges30 silver badges51 bronze badges 2- 1 just a remark, for beter password safety, it may be good to allow some special characters though, to make the spectrum of possibilities the widest possible – Laurent S. Commented Jun 7, 2013 at 13:45
- Our ERP systems doesn't allow special characters. – Brian Commented Jun 7, 2013 at 13:46
3 Answers
Reset to default 4I find that breaking this down into individual tests is:
- easier to code
- easier to read
- easier to maintain
- and more flexible when requirements change
Try something like this:
var testPassword = function (password) {
var minLengthMet = password.length >= 8,
hasUpper = (/[A-Z]+/).test(password),
hasLower = (/[a-z]+/).test(password),
hasNumber = (/[0-9]+/).test(password),
letterBegin = (/^[A-Za-z]/).test(password),
noSpecials = !(/[^A-Za-z0-9]+/).test(password);
return minLengthMet && hasUpper && hasLower && hasNumber && letterBegin && noSpecials;
};
See it in action here: http://jsfiddle/H9twa/
Here is what I would go with:
(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*[!#\$%&\?])^\D.{7}
Note that the .* after each look-ahead term was superfluous.
(?!...) is a negative look-ahead, to make sure there are no special characters.
^\D requires that the first character be a non-digit. Then I simply require 7 characters after that, because the end is not enforced.
But why exclude special characters from passwords? Usually just the opposite is encouraged.
How about:
pwd.length >= 8 &&
pwd.match(/[A-Z]/) &&
pwd.match(/[a-z]/) &&
pwd.match(/\d/) &&
!pwd.match(/^\d/) &&
!pwd.match(/[!#\$%&\?]/);
Just in case you need to maintain this code ever?