Home > Regex > Regex Password Validation

Regex Password Validation Cheat Sheet

Build stronger password validation rules with regex patterns for length, complexity, and allowed characters.

What this cheat sheet is for

This regex password validation reference helps you complete common developer tasks quickly and avoid repeated trial-and-error when working under deadlines.

  • When you need a reliable command or pattern during debugging and incident response.
  • When you are implementing a feature and want a known-good syntax example immediately.
  • When onboarding teammates and documenting repeatable workflows for daily use.
  • When reviewing pull requests and verifying that command usage follows best practices.

Strong Password Pattern

Requires lowercase, uppercase, number, and special character with minimum length.

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{12,}$

Example

Valid: Tr0ub4dor!Safe
Invalid: password123

Allow Extended Special Characters

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z\d]).{10,64}$

Example

A_secure-Passphrase#2026

Multi-step Validation Strategy

Use regex for format checks and a separate breach/strength service for security quality checks.

// JS quick check
const isFormatValid = /^(?=.*[A-Z])(?=.*\d).{10,}$/.test(password);

Common mistakes / Pitfalls

  • People often copy a command or pattern without adapting placeholders, which can break production workflows unexpectedly.
  • It is easy to forget environment-specific differences, so always verify behavior in your shell, runtime, or API gateway before shipping.
  • Many errors come from skipping small validation steps, so test with realistic sample input before relying on the result.

Related Cheat Sheets

Last updated: February 2026