A Unique Developer

Complex password strength checking through regular expression

Currently working on project for well non credit card company where they have online registration form. They really want user enter enter strong password for their account and criteria for password listed below..

  1. Password must length between 8 to 18.
  2. Password must contain atleast one alpha and on numeric.
  3. Password must have one special characters from @,#,$.
  4. Password can not have repeative alpha and numeric.

This is really complex but can be done with four different conditions easily (right?) but I decided to make things more complex and check all four condition with single regular expression. After spending time on this finally figure out regular expression can perform all four condition.

Here is megical regular expression.


Lets devide it and rule.

(?=^.{8,18}$) - This will check for length of password between 8 to 18 characters.

(?=^[\dA-Za-z@#\$]*$) - This make sure we enter digit,alpha and special characters from @,#,$. Not other than this will allowed.

(?=.*\d+) - This will make sure we have atleast one digit in regular expression.

(?=.*[A-Za-z]+) - This is for to make sure atleast one alpha.

(?!.*([\da-zA-Z])(.*)\1) - Here is megical one to check no repeating characters (alpha and digits only)


Only issue found it if you try to check with ColdFusion isValid function then it will not work but REMATCH will work fine.


<cfset reg = "(?=^.{8,18}$)(?=^[\dA-Za-z@##\$]*$)(?=.*[@##\$]?)(?=.*\d+)(?=.*[A-Za-z]+)(?!.*([\dA-Za-z])(.*)\1)"><cfoutput>REMATCH -<cfdump var="#reMatchNoCase(reg,"iam8l$ng")#"><br/>ISVALID - #isValid("Regex","iam8l$ng",reg)#</cfoutput>

Here is output :

[addcfcode]<cfset reg = "(?=^.{8,18}$)(?=^[\dA-Za-z@##\$]*$)(?=.*[@##\$]?)(?=.*\d+)(?=.*[A-Za-z]+)(?!.*([\dA-Za-z])(.*)\1)"><cfoutput>REMATCH -<cfdump var="#reMatchNoCase(reg,"iam8l$ng")#"><br/>
ISVALID - #isValid("Regex","iam8l$ng",reg)#


I think isValid doesn't able to validate because it return emptystring but I am able to put conidtion based on array length return from REMATCH.


Hope this help.