I came across to a post by Anil John talking about how to enforce password complexity by using regular expresion.
Here is the regular expression he wrote:
^.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$
What it enforces is:
- Must be at least 10 characters
- Must contain at least one one lower case letter, one upper case letter, one digit and one special character
- Valid special characters are – @#$%^&+=
This regular expression can be easily used for the RegularExpressValidator control in ASP.NET, and can be easily modified as well to suit your requirements.
