Password Meter Validation - RegEx

Question

A password meter guides the user with developing a strong password. I would like to have the password requirements below implemented on the meter. I've added the highlighted code below with RegEx, however the code does not detect the required password guidelines. What is the correct code to detect the requirements below?

8+ characters
Upper and lowercase letters
Special characters
Must not contain 4+ continuous letters
Must not contain 4+ continuous numbers

Example:
Test%401 = Insufficient
2323Ejsdh! = Insufficient
Tlv!897% = Strong
302^PLs# = Strong

if(val.length > 7 && val.match(/\d{4}/) && val.match(/[a-zA-Z]{4}/) && val.match(/[~,!,@,#,$,%,^,&,*,(,),+,-,?]/))

Did you intend to match commas with `/[~,!,@,#,$,%,^,&,*,(,),+,-,?]/`? If yes, one is enough. and hyphen must be at the end of the class. — Wiktor Stribiżew, Sep 29 '15 at 14:22
No. Sorry. Commas are there to separate the special characters. — Elvis, Sep 29 '15 at 14:25
*3+ continuous letters* - none of the examples fit this. All have 3 continuous letters. — Wiktor Stribiżew, Sep 29 '15 at 14:27
Since you posted [another similar question](http://stackoverflow.com/questions/32852339/password-validation-with-sequential-letters-and-numbers-regex), do you still need help with this one? — Wiktor Stribiżew, Sep 30 '15 at 08:40
Yes I do need help. I have not received an answer yet to my question. Thanks for following up @stribizhev — Elvis, Sep 30 '15 at 12:51

Wiktor Stribiżew · Accepted Answer · 2015-10-01T20:13:10.720

Here is a single-regex approach for your task:

^(?=.*[a-zA-Z])(?=.*[^\w\s])(?!.*(?:[a-zA-Z]{4}|\d{4})).{8,}$

If you need to match specific "special" characters, use your [~!@#$%^&*()+?-] class instead of [^\w\s] (not a word or whitespace character). Breaking down:

var rx = RegExp ("^" +                            // Start of string
                "(?=.*[a-zA-Z])" +               // Letter is required
                "(?=.*[^\\w\\s])" +              // A special character is required
                "(?!.*(?:[a-zA-Z]{4}|\\d{4}))" + // No 4 letters or digits on end are allowed
                ".{8,}" +                        // The whole length can be 8 or more characters
                "$"                              // End of string
              );

Here is a working snippet:

var ins = "Test%401";
var ins1 = "2323Ejsdh!";

var strong1 = "Tlv!897%";
var strong2 = "302^PLs#";

var rx = RegExp ("^" +                            // Start of string
                 "(?=.*[a-zA-Z])" +               // Letter is required
                 "(?=.*[^\\w\\s])" +              // A special character is required
                 "(?!.*(?:[a-zA-Z]{4}|\\d{4}))" + // No 4 letters or digits on end are allowed
                 ".{8,}" +                        // The whole length can be 8 or more characters
                 "$"                              // End of string
                );
document.getElementById("r").innerHTML += rx.test(ins) + "<br/>";
document.getElementById("r").innerHTML += rx.test(ins1) + "<br/>";
document.getElementById("r").innerHTML += rx.test(strong1) + "<br/>";
document.getElementById("r").innerHTML += rx.test(strong2) + "<br/>";

<div id="r"/>

Another way is to split the conditions:

function CheckPass(val) {
   if(val.length <= 7) {
       return "Password is too short!";
   }
   else if (/\d{4}/.test(val)) {
          return "Password contains 4 digits on end!";
   }
   else if (/[a-zA-Z]{4}/.test(val)) {
          return "Password contains 4 letters on end!";
   }
   else if (!/[~!@#$%^&*()+?-]/.test(val)) {
          return "Password must contain at least one special character from the \"~!@#$%^&*()+?-\" set!";
   }
   else if (!/[a-z]/i.test(val)) {
          return "Password must contain at least one letter!";
   }
       else
           return "Password is strong!";
}
    
document.getElementById("r").innerHTML +=  "<b>Test%401</b>: "+CheckPass("Test%401") + "<br/>";
document.getElementById("r").innerHTML +=  "<b>2323Ejsdh!</b>: "+CheckPass("2323Ejsdh!") + "<br/>";
document.getElementById("r").innerHTML +=  "<b>23!34%12!</b>: "+CheckPass("23!34%12!") + "<br/>";
document.getElementById("r").innerHTML +=  "<b>23w34W12D</b>: "+CheckPass("23w34W12D") + "<br/>";
document.getElementById("r").innerHTML += "<b>Tlv</b>: "+ CheckPass("Tlv") + "<br/>";
document.getElementById("r").innerHTML +=  "<b>Tlv!897%</b>: "+CheckPass("Tlv!897%") + "<br/>";
document.getElementById("r").innerHTML +=  "<b>302^PLs#</b>: "+ CheckPass("302^PLs#");

<div id="r"/>

Thank you @stribizhev Can it catch the 4 letters or digits at the start and during the length of the password as well? You mentioned "on end are allowed" — Elvis, Oct 01 '15 at 18:20
No, using capture groups inside a negative look-ahead makes no sense since there will be no match. You need to split the regex as it is done in your question. I will re-answer with a split version as soon as I can. — Wiktor Stribiżew, Oct 01 '15 at 19:58
I added a snippet with a function returning the messages based on whether the password is strong or misses something important. — Wiktor Stribiżew, Oct 01 '15 at 20:13

Password Meter Validation - RegEx

1 Answers1