Password Regex Generator and Validator

Create a Rules based Regular Expression for Password Regex Validation


Developer Tools

Password Regex Generator and Validator

Generate Regular expression for password based on rules combining any of regex for alphabets, regex for alphanumeric, regex for special characters with min/max limits. You can also Enter Custom Regex for Password Validation

Regex Pattern

copy icon     Copy

Min Length


Max Length


Min Digits


Allow Special Characters

Min Symbols


Case Selection

Min Upper case


Min Lower Case


You can enter different password to validate for above generated Regular expression. You can also copy other password regex patterns in Regex field and validate it here

Enter password to verify


Password Regex Generator and Validator

faq icon
  • Password regex generator creates regular expressions (regexes) for password validation.
  • Regexes are patterns that can be used to match or search for specific text.
  • Password regexes are typically used to ensure that passwords are strong and meet certain criteria, such as containing a minimum number of characters, uppercase and lowercase letters, numbers, and special characters.
  • A password regex validator is a tool that uses regexes to validate passwords. It does this by checking to see if the password matches the regex. If it does, the password is considered valid. If it doesn't, the password is considered invalid.
  • Password regex generators and validators are useful for a variety of reasons. For example, they can be used:
  • By Developers to Ensure that passwords are strong and meet certain criteria.
  • Help users create strong passwords.
  • Prevent users from creating weak or easily guessable passwords.
  • Detect and flag weak passwords in systems that store passwords.
  • Regex stands for regular expression, and it is a way of describing patterns in text. Regex patterns can be used to match, search, and manipulate text.
  • To use a password regex generator, you typically specify the criteria for the password, such as the minimum length and the types of characters that must be included. The generator tool will then generate a password that meets those criteria.
  • Here are some examples of password regex patterns:
  • These patterns require the password to be at least 8 or 10 characters long and to contain at least one lowercase letter, one uppercase letter, one number, and one symbol.

Note: This content was generated by Bard, the Google AI model.

Password Regular Expression Reference Table




Charset size

Entropy Value log2(charset) x length of password

Regex for Special Chars Password - alpha numeric with at least 1 special char ,at least 1 number and at least 1 upper and 1 lower case to be present





Regex for Alphabets - Allow Alphabets any case





Regex for Alphanumeric - Allow Numbers





Regex for Alphabets - Allow Only UpperCase





Regex for Alphabets - Allow Only LowerCase





Regex for Minimum Length check





Regex for Maximum Length check





Regex for Alphanumeric - Password should contain at least 3 digits





Regex for Alphanumeric - at least 4 upper case





Regex for Alphanumeric - Password should contain at least 1 lower case





Regex for Special Chars with limit - Password should contain at least 2 special chars





Password Charset and Entropy Formula Chart

Charset Type

Charset Size

Entropy Per Char ( = Log2(charset))

Alphabet Upper Case (A-Z)



Alphabet Lower Case (a-z)



Digits (0-9)



Special Chars (*,% ,$, # ..)



Dictionary words (english)

approx 171400


Frequently Asked Questions on Password Regex Generator

FAQ icon

  • Regex stands for Regular Expression and it's a pattern of characters in a specific format that can act as a rule and can be used to check adherence or match of an input text to the rules. A password regex is a pattern for matching passwords. Example of a password regular expression is ^([a-zA-Z0-9$@$!%*#?&.]*$) . This input matches any password / text which is alphanumeric and with special characters.

  • A good password contains Alpha numeric with mix of special chars, numbers, lower and upper case and length of 16 digits minimum . ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{16,48}$ . This regex pattern finds the match for such passwords and mandates min length as 16 and max as 48.

  • 16 digits or more is ideal. 12 digits is minimum.

  • A strong password should be longer than 15 chars and include alphabets/letters with mix of upper and lower case, numbers, and special characters. The longer the password the more difficult it is to crack it as the number of permutation and combination to guess the password will be too high. It should not contain any personal information or easily identifiable information.

  • Very short length passwords less than 6 digits. Using the user name itself with or without variations, names of people, sports, names based on month,years , favourite players, items. Generic ones like administrator, 12345, hello, password

  • There is no restriction in the usage of UUID as password but it's not typically used as it is difficult to remember the long UUID numbers.

  • A pass phrase is string of random words unlike the tradional alphanumeric with special chars type of passwords. Examples of passphrase are Elma Likes Mountain Treks. The main advantage is can be memorized easily unlike passwords. If passwords are short , then it's easy to crack. If they are long, it's difficult to remember without writing it down somewhere. Passphrase can be made really long and totally random and it should have some user specific inputs so it cannot be easily guessed.

  • Entropy in science is a measure of disorder or randomness or uncertainty in a system. The same concept as applied to password generator measures randomness of a password. Formula for Entropy is log2(c), where c is the count of chars in the charset. (entropy in bits per char) Password Entropy = log2(c) * length of password . Charset is lower case, Upper case, Alpha numeric, Special chars.

  • Password Entropy = log2(c) * length of password. Refer Example below: a. If password uses only upper case like ANONYMOUS then charset = 26 (no of chars from A-Z) Entropy = log2(26) x 9 (length of word) = 42.3 of entropy. b. If password uses upper , lower and number like kj#ALMJ-121 then char set is (a-z , A-Z and 0-9) = 26+ 26+ 10 = . Entropy = log2(62) x 12 = 5.95 * 11 = 71.4 bits of entropy. The max no of combinations that brute force tool will need to crack this = 2 POWER (entropy bits) = 50,397,990,021,465,639,651.535643666153 . combinations.

  • Password strength is determined by measuring entropy as well as the uniqueness or randomness of the pattern. The higher the entropy bits, the stronger it is and the more difficult it is to break it by brute force approach. However even with high entropy but not sufficiently random and if the char are repetitive or very commnly used ones , then it's still susceptible to attacks. For eg 01-December-2022 is 16 digits long and entropy may be high but it's not random and easily guessable. The strength is measured as C^N (C is the char set size) and N is the length.