Regex for Strong Password Validation
Validate strong passwords with this regex pattern. Requires at least one uppercase, lowercase, digit, and special character with 8+ characters.
Regular Expression
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-={}\[\]:;"'<>,.?/~`|\\]).{8,}$/
Token Breakdown
| Token | Description |
|---|---|
| ^ | Anchors at the start of the string (or line in multiline mode) |
| (?= | Start of positive lookahead assertion |
| . | Matches any character except newline (unless dotAll flag is set) |
| * | Matches the preceding element zero or more times (greedy) |
| [a-z] | Character class — matches any one of: a-z |
| ) | End of group |
| (?= | Start of positive lookahead assertion |
| . | Matches any character except newline (unless dotAll flag is set) |
| * | Matches the preceding element zero or more times (greedy) |
| [A-Z] | Character class — matches any one of: A-Z |
| ) | End of group |
| (?= | Start of positive lookahead assertion |
| . | Matches any character except newline (unless dotAll flag is set) |
| * | Matches the preceding element zero or more times (greedy) |
| \d | Matches any digit (0-9) |
| ) | End of group |
| (?= | Start of positive lookahead assertion |
| . | Matches any character except newline (unless dotAll flag is set) |
| * | Matches the preceding element zero or more times (greedy) |
| [!@#$%^&*()_+\-={}\[\]:;"'<>,.?/~`|\\] | Character class — matches any one of: !@#$%^&*()_+\-={}\[\]:;"'<>,.?/~`|\\ |
| ) | End of group |
| . | Matches any character except newline (unless dotAll flag is set) |
| {8,} | Matches 8 or more times |
| $ | Anchors at the end of the string (or line in multiline mode) |
Detailed Explanation
This regex enforces strong password requirements using multiple lookahead assertions. Here is the token-by-token breakdown:
^ — Anchors the match at the start of the string.
(?=.[a-z]) — A positive lookahead asserting the password contains at least one lowercase letter. The . allows any characters before the lowercase letter, so it can appear anywhere in the string. Lookaheads check conditions without consuming characters.
(?=.*[A-Z]) — A positive lookahead asserting at least one uppercase letter exists anywhere in the password.
(?=.*\d) — A positive lookahead asserting at least one digit (0-9) exists. The \d shorthand is equivalent to [0-9].
(?=.[!@#$%^&()_+-={}[]:;"'<>,.?/~`|\]) — A positive lookahead asserting at least one special character exists. The character class lists common special characters found on a standard keyboard. Some characters like -, [, ], and \ are escaped because they have special meaning in character classes.
.{8,} — Matches eight or more of any character. This enforces the minimum length requirement. The dot matches any character except newlines, and {8,} requires at least eight occurrences with no upper limit.
$ — Anchors the match at the end of the string.
All four lookaheads must pass before the length check. The lookaheads are independent of each other, so the required characters can appear in any order. This is the standard approach for password validation in web applications and security systems.
Example Test Strings
| Input | Expected |
|---|---|
| Str0ng!Pass | Match |
| password | No Match |
| Ab1!cdef | Match |
| NoSpecial1 | No Match |
| short1! | No Match |
Try It — Interactive Tester
81 charsFlags: noneMatches: 0Ctrl+Shift+C to copy regex