Password Regex Generator and Validator
Create a Rules based Regular Expression for Password Regex Validation
Generate Regular expression for password based on rules combining any of regex for alphabets, regex for alphanumeric, regex for special characters with min/max limits. You can also Enter Custom Regex for Password Validation
Regex Pattern
CopyMin Length
Max Length
Case Selection
Min Digits
Min Upper case
Allow Special Characters
Min Lower Case
Min Symbols
You can enter different password to validate for above generated Regular expression. You can also copy other password regex patterns in Regex field and validate it here
Enter password to verify
How to generate Password Regex using the tool?
To use the password regex generator, specify your criteria for the password. - Start by entering a Min and Max Length for the password
- Then specify if Digits and Special Chars are mandatory by enabling or disabling 'Must Have Digits' and 'Allow Special Characters' options respectively.
- Select the option under 'Case Selection' for Uppercase, lower case or 'Any' case.
- Additionally, you can also specify minimum no of symbols and digits. Usually it is at least one digit and at least 1 symbol.
- On completion, you can automatically see the regular expression generated based on your input conditions in the field marked as 'Regex Pattern'. Click on copy icon to copy the pattern
- To test the above pattern, enter a password in the field marked as 'Enter password to verify' field. Click on Validate to see if the entered password matches the regex as generated earlier. You will get the result as Valid or Invalid. You can test with different passwords and fine tune your input criteria accordingly.
- If you already have a password regular expression and want to use it as pure validator tool, you can do that as well. Paste your expression in the field marked as 'Password Regex'. Then follow same steps as above and enter different passwords in the "Enter password to verify". Click on Validate button each time to find out if entered password is valid or not as per your input expression.
What is Password Regex Generator and Validator?
- A Password regex generator creates regular expressions for password validation.
- A regular expression or regex is a pattern used in programs to match or search for a specific text.
- Password regexes are mainly used for password validation.
- They ensure that passwords meet the criteria as per the requirement pertaining to a minimum number of characters, maximum and minimum length of the password, rules for usage of uppercase and lowercase letters, numbers and special characters.
- Password validator is a tool that uses regexes to validate passwords. It does this by checking to see if the password matches the regex. If it does, the password is considered valid. If it doesn't, the password is considered invalid.
- Password regex generators and validators can be used by developers and customers or users to create strong passwords and to flag weak ones.
Password Regular Expression Reference Table
| Input | Expression | Example | Charset size | Entropy Value log2(charset) x length of password |
|---|---|---|---|---|
| Regex for Special Chars Password - alpha numeric with at least 1 special char ,at least 1 number and at least 1 upper and 1 lower case to be present | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | abcXyz@12345 | 92 | 6.524x12=78.2 |
| Regex for Alphabets - Allow Alphabets any case | ^[a-zA-Z]{12,24}$ | abcdefXyzABC | 52 | 5.7x12=68.4 |
| Regex for Alphanumeric - Allow Numbers | ^[a-zA-Z0-9]{12,24}$ | abcXyz123456 | 62 | 5.954x12=71.4 |
| Regex for Alphabets - Allow Only UpperCase | ^([A-Z]*$) | ABCXYZGHQWER | 26 | 4.7x12=56.4 |
| Regex for Alphabets - Allow Only LowerCase | ^([a-z]*$) | abcxyzqwerty | 26 | 4.7x12=56.4 |
| Regex for Minimum Length check | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | abcXyz@12345 | 92 | 6.524x12=78.2 |
| Regex for Maximum Length check | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | abcXyz-12_jan#&07%gh{$} | 92 | 5.954x24=156.5 |
| Regex for Alphanumeric - Password should contain at least 3 digits | ^(?=.*\d{3})(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | abcXyz123-jk$ | 92 | 6.524x12=78.2 |
| Regex for Alphanumeric - at least 4 upper case | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]{4})(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | WXYZ-01_qa%? | 92 | 6.524x12=78.2 |
| Regex for Alphanumeric - Password should contain at least 1 lower case | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{12,24}$ | agt7$5^io|cmP | 92 | 6.524x12=78.2 |
| Regex for Special Chars with limit - Password should contain at least 2 special chars | ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*{|}?~_=+.-]{2})(?=.*[a-zA-Z0-9@$!%*?&{|}~_=+.-])(?!.*\s).{12,24}$ | abcXyz12$%jk | 92 | 6.524x12=78.2 |
Password Charset and Entropy Chart
| Charset Type | Charset Size | Entropy Per Char ( = Log2(charset)) |
|---|---|---|
| Alphabet Upper Case (A-Z) | 26 | 4.7 |
| Alphabet Lower Case (a-z) | 26 | 4.7 |
| Digits (0-9) | 10 | 3.322 |
| Special Chars (*,% ,$, # ..) | 30 | 4.907 |
| Dictionary words (english) | approx 171400 | 17.387 |
Frequently Asked Questions on Password Regex Generator
Regex stands for Regular Expression and it's a pattern of characters in a specific format that can act as a rule and can be used to check adherence or match of an input text to the rules.
A password regex is a pattern for matching passwords. Example of a password regular expression is ^([a-zA-Z0-9$@$!%*#?&.]*$).
This input matches any password / text which is alphanumeric and with special characters.
A good password contains Alpha numeric with mix of special chars, numbers, lower and upper case and length of 16 digits minimum .
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{16,48}$ .
This regex pattern finds the match for such passwords and mandates min length as 16 and max as 48.
16 digits or more is ideal. 12 digits is minimum.
A strong password should be longer than 15 chars and include alphabets/letters with mix of upper and lower case, numbers, and special characters.
The longer the password the more difficult it is to crack it as the number of permutation and combination to guess the password will be too high.
It should not contain any personal information or easily identifiable information.
Very short length passwords less than 6 digits.
Using the user name itself with or without variations, names of people, sports, names based on month,years , favourite players, items.
Generic ones like administrator, 12345, hello, password
There is no restriction in the usage of UUID as password but it's not typically used as it is difficult to remember the long UUID numbers.
A pass phrase is string of random words unlike the tradional alphanumeric with special chars type of passwords.
Examples of passphrase are Adam Likes Fuji Mountain.
The main advantage is can be memorized easily unlike passwords.
If passwords are short , then it's easy to crack.
If they are long, it's difficult to remember without writing it down somewhere.
Passphrase can be made really long and totally random and it should have some user specific inputs so it cannot be easily guessed.
Entropy in science is a measure of disorder or randomness or uncertainty in a system.
The same concept as applied to password generator measures randomness of a password.
Formula for Entropy is log2(c), where c is the count of chars in the charset. (entropy in bits per char) Password Entropy = log2(c) * length of password .
Charset is lower case, Upper case, Alpha numeric, Special chars.
Password Entropy = log2(c) * length of password. Refer Example below:
a. If password uses only upper case like ANONYMOUS then charset = 26 (no of chars from A-Z) Entropy = log2(26) x 9 (length of word) = 42.3 of entropy.
b. If password uses upper , lower and number like kj#ALMJ-121 then char set is (a-z , A-Z and 0-9) = 26+ 26+ 10 = .
Entropy = log2(62) x 12 = 5.95 * 11 = 71.4 bits of entropy.
The max no of combinations that brute force tool will need to crack this = 2 POWER (entropy bits) = 50,397,990,021,465,639,651.535643666153 . combinations.
Password strength is determined by measuring entropy as well as the uniqueness or randomness of the pattern.
The higher the entropy bits, the stronger it is and the more difficult it is to break it by brute force approach.
However even with high entropy but not sufficiently random and if the char are repetitive or very commnly used ones , then it's still susceptible to attacks.
For eg 01-December-2022 is 16 digits long and entropy may be high but it's not random and easily guessable.
The strength is measured as C^N (C is the char set size) and N is the length.
