🔍Regex Recipes

Strong Password Baseline

Password strength validation requiring minimum length and character class diversity with UX notes.

Pattern

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$

Explanation

Requires at least 8 characters with at least one lowercase, uppercase, digit, and special character.

Examples

Strong
Input
MyP@ssw0rd
Output
✓ Match
Strong
Input
SecureP@ss1
Output
✓ Match
Weak - no special
Input
Password123
Output
✗ No match
Weak - no uppercase
Input
password@123
Output
✗ No match
Weak - too short
Input
P@ss1
Output
✗ No match

Code Examples

JavaScript 
const passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;

function checkPasswordStrength(password) {
  const checks = {
    minLength: password.length >= 8,
    hasLower: /[a-z]/.test(password),
    hasUpper: /[A-Z]/.test(password),
    hasDigit: /\d/.test(password),
    hasSpecial: /[@$!%*?&]/.test(password)
  };
  
  const strength = Object.values(checks).filter(Boolean).length;
  return { checks, strength, valid: strength === 5 };
}

Try it Now

Open in Regex Tester

💡 Tips

  • Consider allowing longer passwords (12+ chars)
  • Show real-time strength feedback
  • Check against common password lists
  • Allow password managers (paste, autofill)
  • Consider passphrase approach instead

⚠️ Common Pitfalls

  • Overly strict rules frustrate users
  • Users may write down complex passwords
  • Length is more important than complexity
  • Consider passwordless options
  • Regex alone doesn't check for common passwords
← Back to All Templates