Been trying all morning to figure out a regex pattern for an AD password restriction we're trying to enforce. Any ideas?
MUST have at least one of the following special characters, but must be able to permit all: ! @ # $ % ^ & * ( ) - _ + = { } [ ] | \ : ; " ' < > , . ? /
8 to 14 characters long
Can be in ANY order
I've tried about 50 combinations and the special characters part eludes me.
The one's I've found on here or online don't include the bracket special characters and a few others unfortunately.
Multiple seperate lookaheads from the start of string should work (demo)
^(?=.*?[a-z])(?=.*?[A-Z])(?=.*?[0-9])(?=.*?[#!@$%^&*()\-_+={}[\]|\\:;"'<>,.?\/]).{8,14}$
^ # anchors to start of string
(?=.*?[a-z]) # lookahead for lowercase
(?=.*?[A-Z]) # lookahead for uppercase
(?=.*?[0-9]) # lookahead for numbers
(?=.*?[#!@$%^&*()\-_+={}[\\]|\:;"'<>,.?\/]) # lookahead for special characters
.{8,14} # the actual capture, also sets boundaries for 8-14
$ # anchors to end of string
Updated to include !, and @. Missed them in first test.
Updated to escape hyphen.