$devtoolkit.sh/examples/regex/password-strength

Regex Pattern for Password Strength

Password strength requirements are commonly enforced with a series of lookahead assertions that independently check for each rule. This example requires at least 8 characters, one uppercase letter, one digit, and one special character. You can test each rule as a separate pattern or combine them into a single expression. The regex tester shows which rules a candidate password satisfies.

Example
/^(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*]).{8,}$/

# Test cases:
Passw0rd!
weakpass
NoSpecial1
nouppercase1!
Short1!
SecureP@ss42
password123
[ open in Regex Tester → ]

FAQ

What are lookahead assertions in regex?
Lookaheads like (?=.*[A-Z]) assert that a pattern exists somewhere ahead in the string without consuming characters, making them ideal for checking multiple independent conditions.
Should I use regex for all password validation?
Regex covers format rules well but cannot check against breached password lists. Combine regex validation with a check against Have I Been Pwned for better security.
How do I show users which password rules they have met?
Run each rule as a separate regex test and track which ones pass. Map each result to a visual indicator next to the corresponding rule description in your UI.

Related Examples

Regex Pattern for Email Validation

Email validation regex is one of the most commonly written and miswritten patter...

Regex Pattern for Phone Numbers

Phone numbers appear in dozens of formats: with country codes, spaces, dashes, d...

Regex Pattern for Date Formats

Date strings come in many formats and regex can catch obvious formatting errors ...

/examples/regex/password-strengthv1.0.0