Regex for password requirements_问答_开发者_运维开发者技术经验分享

I want to require the following:

Is greater than seven characters.
Contains at least two digits.
Contains at least two special (non-alphanumeric) characters.

...and I came up with this to do it:

(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Now, I'd also lik开发者_运维问答e to make sure that no two sequential characters are the same. I'm having a heck of a time getting that to work though. Here's what I got that works by itself:

(\S)\1+

...but if I try to combine the two together, it fails.

I'm operating within the constraints of the application. It's default requirement is 1 character length, no regex, and no nonstandard characters.

Anyway...

Using this test harness, I would expect y90e5$ to match but y90e5$$ to not.

What an i missing?

This is a bad place for a regex. You're better off using simple validation.

Sometimes we cannot influence specifications and have to write the implementation regardless, i.e., when some ancient backoffice system has to be interfaced through the web but has certain restrictions on input, or just because your boss is asking you to.

EDIT: removed the regex that was based on the original regex of the asker.

altered original code to fit your description, as it didn't seem to really work:
EDIT: the q. was then updated to reflect another version. There are differences which I explain below:

My version: the two or more \W and \d can be repeated by each other, but cannot appear next to each other (this was my incorrect assumption), i fixed it for length>7 which is slightly more efficient to place as a typical "grab all" expression.

 ^(?!.*((\S)\1|\s))(?=.*(\d.+){2,})(?=.*(\W.+){2,}).{8,}

New version in original question: the two or more \W and the \d are allowed to appear next to each other. This version currently support length>=6, not length>7 as is explained in the text.

The current answer, corrected, should be something like this, which takes the updated q., my comments on length>7 and optimizations, then it looks like: ^(?!.*((\S)\1|\s))(?=(.*\d){2,})(?=(.*\W){2,}).{8,}.

Update: your original code doesn't seem to work, so I changed it a bit
Update: updated answer to reflect changes in question, spaces not allowed anymore

This may not be the most efficient but appears to work.

^(?!.*(\S)\1)(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Test strings:

ad2f#we1$ //match valid.
adfwwe12#$ //No Match repeated ww.
y90e5$$ //No Match repeated $$.
y90e5$ //No Match too Short and only 1 \W class value.

One of the comments pointed out that the above regex allows spaces which are typically not used for password fields. While this doesn't appear to be a requirement of the original post, as pointed out a simple change will disallow spaces as well.

^(?!.*(\S)\1|.*\s)(?=.{6,})(?=(.*\d){2,})(?=(.*\W){2,})

Your regex engine may parse (?!.*(\S)\1|.*\s) differently. Just be aware and adjust accordingly.

All previous test results the same.
Test string with whitespace:

ad2f #we1$ //No match space in string.

If the rule was that passwords had to be two digits followed by three letters or some such, or course a regular expression would work very nicely. But I don't think regexes are really designed for the sort of rule you actually have. Even if you get it to work, it would be pretty cryptic to the poor sucker who has to maintain it later -- possibly you. I think it would be a lot simpler to just write a quick function that loops through the characters and counts how many total and how many of each type. Then at the end check the counts.

Just because you know how to use regexes doesn't mean you have to use them for everything. I have a cool cordless drill but I don't use it to put in nails.