~/devtools / regex / password
tool::regex-guide

regex password

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/

Strong Password Validation

ad · 728×90
Regex Pattern
/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/
Flags:none
Pattern Breakdown
(?=.*[a-z])Must contain at least one lowercase letter
(?=.*[A-Z])Must contain at least one uppercase letter
(?=.*\d)Must contain at least one digit
(?=.*[@$!%*?&])Must contain at least one special character
[A-Za-z\d@$!%*?&]{8,}Only allowed chars, minimum 8 length
Matching Examples
Passw0rd!
MyStr0ng@Pass
C0mpl3x!Pwd
Non-Matching Examples
password
PASSWORD1
Pass1234
P@ss!

Validates strong passwords requiring at least 8 characters with at least one uppercase letter, one lowercase letter, one digit, and one special character. Uses lookaheads to enforce all conditions regardless of order.

Language Usage

JavaScriptUse RegExp object or literal syntax
const pattern = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;

// Test a string
console.log(pattern.test("Passw0rd!")); // true
console.log(pattern.test("password")); // false

// Match and extract
const result = "Passw0rd!".match(pattern);
PythonUse the re module
import re

pattern = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$"

# Test a string
if re.fullmatch(pattern, "Passw0rd!"):
    print("Valid")

# Find all matches in text
matches = re.findall(pattern, text)
JavaUse java.util.regex package
import java.util.regex.*;

String pattern = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,}$";
Pattern p = Pattern.compile(pattern);

Matcher m = p.matcher("Passw0rd!");
boolean isValid = m.matches(); // true

// Find occurrences
Matcher finder = p.matcher(inputText);
while (finder.find()) {
    System.out.println(finder.group());
}

Common Use Cases

  • Validate password strength on sign-up forms
  • Enforce rules on password change forms
  • Apply password policy to admin accounts
  • Validate API key format
  • Check security policy compliance

Related Patterns

email/^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-/iphone/^\+?[\d\s\-\(\)]{7,15}$/url/^https?:\/\/[^\s\/$.?#].[^\s]*$/iip-address/^((25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\./
ad · 300×250
Back to Regex Tester
// related tools
Cron Expression Generator
Build and parse cron expressions visually. Generate human-readable descriptions and preview next execution times.
jwt
JWT Decoder
Decode and inspect JWT tokens. View header, payload, and signature details.
Color Converter
Convert colors between HEX, RGB, HSL, and more. Pick colors visually.
ts
Timestamp Converter
Convert Unix timestamps to human-readable dates. Supports ms/s, UTC/local, and relative time.