How many possible passwords are there if the password is 4 characters where each character is a letter or a digit and password must contain at least two letters?

✅ The following 4 regex patterns can help you to write almost any password validation

Pattern 1:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one special character, no space, and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*\W)(?!.* ).{8,16}$/

Explanation:

  • (?=.*[0-9]) means that the password must contain a single digit from 1 to 9.
  • (?=.*[a-z]) means that the password must contain one lowercase letter.
  • (?=.*[A-Z]) means that the password must contain one uppercase letter.
  • (?=.*\W) means that the password must contain one special character.
  • .{8,16} means that the password must be 8-16 characters long. We must use this at the end of the regex, just before the $ symbol.

What are ^ and $:

^ indicates the beginning of the string. $ indicates the end of the string.

If we don't use ^ and $, the regex can match just a part of the string, so it will not be able to enforce the maximum length of the password. In the above example, we have a condition that the password can't be longer than 16 characters; to make that condition work, we have used ^ and $.

Remove maximum length restriction:

  • Instead of .{8,16}, if we used .{8,}, it would mean that the password must be at least 8 characters long. So, there will not be any condition for checking the maximum length of the password.

Don't accept any number (digit):

  • Instead of (?=.*[0-9]), if we used (?!.*[0-9]), it would mean that the password must not contain any digit from 1-9 (Difference with the (?=.*[0-9]) is the use of ! instead of =)

Don't accept any special character:

  • Instead of (?=.*\W), if we used (?!.*\W), it would mean that the password must not contain any special characters (The difference with the (?=.*\W) is the use of ! instead of =)

Alternative syntax for number (digit):

  • Instead of (?=.*[0-9]), we could have used (?=.*\d). (?=.*\d) also means that the password must contain a single digit from 1 to 9.

Pattern 2:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore but no other special character, no space and it must be 8-16 characters long.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.*\W)(?!.* ).{8,16}$/

Difference from Pattern 1:

  • Here, we have used (?=.*_) which wasn't in Pattern 1.
  • (?=.*_)(?!.*\W) means that the password must contain an underscore but can not contain any other special character.

Pattern 3:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, one underscore, no space and it must be 8-16 characters long. Usage of any other special character other than underscore is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.* ).{8,16}$/

Difference from Pattern 2:

  • Here, we have not used (?!.*\W), which was in Pattern 2.
  • But it still has the (?=.*_)
  • By just removing the (?!.*\W), special characters have become optional. Now, one underscore is required but any other special character can be used or not as it's optional.

Pattern 4:

Password must contain one digit from 1 to 9, one lowercase letter, one uppercase letter, and one underscore, and it must be 8-16 characters long. Usage of any other special character and usage of space is optional.

/^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,16}$/

Difference from Pattern 3:

  • Here, we have not used (?=.*_) and (?!.* ), which were in Pattern 3.
  • By removing (?=.*_), it's no longer mandatory to pass one underscore. Now, passing special characters is optional.
  • By removing the (?!.* ), usage of space has become optional too.
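The four patterns above, run side by side in JavaScript. This is an added example, not code from the original article; the rule names and the sample passwords are constructed for illustration. It splits each lookahead into a named rule so a rejection can be explained, and it shows two edge cases: the underscore is not matched by \W, and (?!.* ) blocks only the space character, so a tab passes Pattern 1 as the "special character".

```javascript
// Added example: the four patterns from this page, run against constructed passwords.
const PATTERNS = {
  1: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*\W)(?!.* ).{8,16}$/,
  2: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.*\W)(?!.* ).{8,16}$/,
  3: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*_)(?!.* ).{8,16}$/,
  4: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).{8,16}$/,
};

// Each lookahead as a separate named rule (names are hypothetical) so that a
// rejection can be explained to the user instead of a bare true/false.
const RULES = {
  digit:      pw => /[0-9]/.test(pw),   // [0-9] and \d also match the digit 0
  lower:      pw => /[a-z]/.test(pw),
  upper:      pw => /[A-Z]/.test(pw),
  special:    pw => /\W/.test(pw),      // \W = anything outside [A-Za-z0-9_]
  underscore: pw => /_/.test(pw),
  noSpecial:  pw => !/\W/.test(pw),
  noSpace:    pw => !/ /.test(pw),      // only U+0020, not tab or other whitespace
  length:     pw => /^.{8,16}$/.test(pw),
};
const REQUIRES = {
  1: ['digit', 'lower', 'upper', 'special', 'noSpace', 'length'],
  2: ['digit', 'lower', 'upper', 'underscore', 'noSpecial', 'noSpace', 'length'],
  3: ['digit', 'lower', 'upper', 'underscore', 'noSpace', 'length'],
  4: ['digit', 'lower', 'upper', 'length'],
};

// Which of the four patterns accept this password?
function acceptedBy(pw) {
  return [1, 2, 3, 4].filter(id => PATTERNS[id].test(pw));
}

// Which rules of pattern `id` does this password break?
function failedRules(id, pw) {
  return REQUIRES[id].filter(name => !RULES[name](pw));
}

// Constructed test inputs; the last one contains a tab character.
const SAMPLES = ['Passw0rd!x', 'Pass_w0rd', 'Pass_w0rd!', 'Passw0rd',
                 'Pass w0rd_', 'Pass\tw0rdx'];
for (const pw of SAMPLES) {
  console.log(JSON.stringify(pw), 'accepted by', acceptedBy(pw),
              '| pattern 2 fails:', failedRules(2, pw));
}
```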



I want a regular expression to check that:

A password contains at least eight characters, including at least one number and includes both lower and uppercase letters and special characters, for example #, ?, !.

It cannot be your old password or contain your username, "password", or "websitename"

And here is my validation expression which is for eight characters including one uppercase letter, one lowercase letter, and one number or special character.

(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$

How can I write it for a password that must be eight characters, including one uppercase letter, one special character and alphanumeric characters?

Passwords must contain:

  • a minimum of 1 lower case letter [a-z] and
  • a minimum of 1 upper case letter [A-Z] and
  • a minimum of 1 numeric character [0-9] and
  • a minimum of 1 special character: ~`!@#$%^&*()-_+={}[]|\;:"<>,./?
  • at least 1 upper case, numeric, and special character must be EMBEDDED somewhere in the middle of the password, and not just be the first or the last character of the password string.
  • Passwords must be at least 10 characters in length, but can be much longer.

Passphrases are longer versions of passwords that may be easier to remember and harder to guess. If you opt to use a passphrase, some of the complexity requirements are relaxed:

  • a minimum of 20 characters in length
  • a minimum of 2 character sets from these classes: [letters], [numbers], [special characters (as above)]
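A checker for the password and passphrase rules listed above, as an added example that is not the department's own code. It assumes that "embedded" means each of the upper-case, numeric and special classes occurs at least once away from the first and last position, and that the passphrase rule applies to anything of 20 characters or more; the function name, messages and sample inputs are hypothetical.

```javascript
// Special-character set copied from the policy text above.
const SPECIALS = new Set('~`!@#$%^&*()-_+={}[]|\\;:"<>,./?');

const classOf = ch =>
  /[a-z]/.test(ch) ? 'lower' :
  /[A-Z]/.test(ch) ? 'upper' :
  /[0-9]/.test(ch) ? 'digit' :
  SPECIALS.has(ch) ? 'special' : 'other';   // e.g. a space is 'other'

// Returns a list of problems; an empty list means the candidate passes.
function checkPolicy(pw) {
  const classes = [...pw].map(classOf);
  const present = new Set(classes);

  // Passphrase branch: 20+ characters, 2 of {letters, numbers, specials}.
  if (classes.length >= 20) {
    const sets = [present.has('lower') || present.has('upper'),
                  present.has('digit'), present.has('special')];
    return sets.filter(Boolean).length >= 2
      ? [] : ['passphrase needs 2 of: letters, numbers, specials'];
  }

  const problems = [];
  if (classes.length < 10) problems.push('shorter than 10 characters');
  for (const c of ['lower', 'upper', 'digit', 'special']) {
    if (!present.has(c)) problems.push(`no ${c} character`);
  }
  // Assumed reading of "EMBEDDED": the class must appear at an interior position.
  const interior = new Set(classes.slice(1, -1));
  for (const c of ['upper', 'digit', 'special']) {
    if (present.has(c) && !interior.has(c)) {
      problems.push(`${c} only at first/last position`);
    }
  }
  return problems;
}

// Constructed sample inputs.
for (const pw of ['tR1cky!pass', 'Tr1cky!pass', 'aB3$',
                  'correct horse battery staple', 'correct-horse-battery-staple']) {
  console.log(JSON.stringify(pw), checkPolicy(pw));
}
```

Composition checks like this cover only the first list; the dictionary-word, previously-cracked and personal-information rules further down need a lookup against external data.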

Some other considerations:

  • Please do not use the same password in the CS Department that you use anywhere else -- either in the rest of the University, at other jobs, other research institutions, etc.
  • Never tell *anyone* else your password.
  • Don't write your password down, and especially don't post in your work area, or online in a file.
  • Passwords must not be based on a dictionary word or have been previously cracked.
  • Passwords should not contain any personal information.

We encourage the use of a Password Manager, which makes it possible to use very complex passwords that are different for each site and are not reused. The University has partnered with LastPass to supply complimentary LastPass password management accounts to students, faculty, and staff.

Other techniques for selecting strong and memorable passwords can be found in the OIT Information Security Office. (Note, however, that our password rules differ from OIT's password rules.)

For more information on choosing strong passwords, visit BU’s IS&T page.

General Guidelines:

So, how do you have a “strong” password that is easy to remember? While it may seem tough to do this, there are a few simple tips that can make it easy.

Note: the examples below illustrate just the concepts being discussed. No single technique should be used on its own, but rather should be used with other techniques. The combination of several will produce a strong password.

  • Use a mix of alphabetical and numeric characters.
  • Use a mixture of upper- and lowercase; passwords are case sensitive.
  • Use symbols if the system allows (spaces shouldn’t be used as some applications may trim them away)
  • Use a combination of letters and numbers, or a phrase like “many colors” using only the consonants, e.g., mnYc0l0rz or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl.
  • Pick something obscure:
    • an odd character in an otherwise familiar term, such as phnybon instead of funnybone;
    • a combination of two unrelated words like cementhat
    • An acronym for an easy to remember quote or phrase (see below)
    • a deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or HersL00kn@U (Here’s looking at you).
    • Replace a letter with another letter, symbol or combination, but don’t be too obvious about it.  Replacing o with 0 or a with 2 or i with 1 is something that hackers just expect.  It is definitely better than nothing, but replacing 0 with () would be stronger as it makes your password longer and is not as obvious
    • An easily phonetically pronounceable nonsense word, e.g., RooB-Red or good-eits.
    • Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,~1#

Choose

You want to choose something that is easy to remember with a minimum of 8 characters that uses as many of the techniques above as possible. One way to do this is to pick a phrase you will remember, pick all the first or last letters from each word and then substitute some letters with numbers and symbols. You can then apply capitals to some letters (perhaps the first and last, or second to last, etc.) You could also perhaps keep or add punctuation.

Some examples:

Phrase | First Letters | Password
“So long and thanks for all the fish” | slatfatf | 5L@tf@tF
“Best Series Ever: Terry Goodkind’s Sword of Truth” | bsetgsot | B53:tg’Sot
“You Can’t Have Everything. Where Would You Put It?” | ychewwypi | Uch3Wwup1?

If you are selecting a password for a website, you may want to incorporate the first few letters of the website name into your password so that every password is different and if one gets out, you don’t have to change them all. This approach has good and bad points.

For example, if you have a standard password like B53:tg’Sot (see above) that you like to use most places (this is not recommended), you may modify it by placing the first and last letter of the website around it:

Website | Password
www.ebay.com | eB53:tg’Soty
www.amazon.com | aB53:tg’Sotn
www.webshots.com | wB53:tg’Sots

Do Not Choose…

  • Your name in any form — first, middle, last, maiden, spelled backwards, nickname or initials.
  • Any ID number or user ID in any form, even spelled backwards.
  • Part of your userid or name.
  • Any common name, e.g., Sue, Joe.
  • Passwords of fewer than eight characters.
  • The name of a close relative, friend, or pet.
  • Your phone or office number, address, birthday, or anniversary.
  • Acronyms, geographical or product names, and technical terms.
  • Any all-numeral passwords, e.g., your license-plate number, social-security number.
  • Names from popular culture, e.g., Harry_Potter, Sleepy.
  • A single word either preceded or followed by a digit, a punctuation mark, up arrow, or space.
  • Words or phrases with all the vowels or white spaces deleted.
  • Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
  • Any word that exactly matches a word in a dictionary, forward, reversed, or pluralized, with some or all of the letters capitalized, or with any of the following substitutions:
    • a -> 2, a -> 4, e -> 3, h -> 4, i -> 1, l -> 1, o -> 0, s -> $, s -> 5, z -> 5

WHY!?

If you only use words from a dictionary or a purely numeric password, a hacker only has to try a limited list of possibilities. A hacking program can try the full set in under one minute. If you use the full set of characters and the techniques above, you force a hacker to continue trying every possible combination to find yours. If we assume that the password is 8 characters long, this table shows how many times a hacker may have to try before guessing your password. Most password crackers have rules that can try millions of word variants per second, so the more algorithmically complex your password, the better.

Character Sets used in Password | Calculation | Possible Combinations
Dictionary words (in English; it is debatable, but let's generously say ~600,000 words) | | 600,000
Numbers Only | 10^8 | 100,000,000
Lowercase Alpha Set only | 26^8 | 208,827,064,576
Full Alpha Set | 52^8 | 53,459,728,531,456
Full Alpha + Number Set | 62^8 | 218,340,105,584,896
Full Set of allowed printable characters set | (10+26+26+19)^8 |

The longer your password the more secure. If we take the full set of allowed printable characters set (the last line above) and increase the password length, the possible combinations jump exponentially (odd, considering that the calculation includes exponents…)

  • 8 Characters > 645,753,531,245,761 (645 Trillion) Combinations
  • 9 Characters > 45,848,500,718,449,031 (45 Quadrillion) Combinations
  • 10 Characters > 3,255,243,551,009,881,201 (3 Quintillion) Combinations

When we refer to character sets, they are typically numbers, upper and lowercase letters and a given set of symbols. For example:

Characters | Number of Characters
0123456789 | 10
abcdefghijklmnopqrstuvwxyz | 26
ABCDEFGHIJKLMNOPQRSTUVWXYZ | 26
`~!@#$%^&-_=+[{]}. | 19