Regex Essentials: Password Strength Validation Quiz

Explore key regex concepts for password strength validation, including pattern components, common pitfalls, and practical examples. This quiz helps you assess your understanding of crafting secure and effective regular expressions for password policies.

Identifying a Strong Password Regex Pattern
Which regex pattern best enforces a password containing at least one uppercase letter, one lowercase letter, one digit, and a minimum of 8 characters?
1. ^(?=.*[a-z])(?=.*[A-Z])(?=.*d).{8,}$
2. ^[a-zA-Z0-9]{8,}$
3. ^.{8,}(?=.*[A-Z])$
4. ^(?=.*[0-9])(?=.*[A-Z])(?=.*[a-z]).{6,}$
Explanation: The first option uses positive lookaheads to require at least one lowercase, one uppercase letter, one digit, and a minimum of 8 characters, which matches strong password criteria. The second option fails to require all three character types. The third option checks for uppercase but neglects digits or lowercase. The fourth enforces character types but only requires 6 characters, not 8.
Special Character Validation in Regex
If you want a password regex that requires at least one special character (such as !, @, #, $, or %), which component should be added?
1. (?=.*[!@#$%])
2. (?=.*[a-zA-Z0-9])
3. d{1,}
4. (.{8,})
Explanation: The correct option, '(?=.*[!@#$%])', is a lookahead ensuring at least one specified special character is present. The second option matches alphanumeric characters, not special ones. The third option merely ensures digit presence. The last option only enforces length, not character type.
Avoiding Common Regex Mistakes
Why would the regex ^[A-Za-z0-9]{8,}$ be insufficient for strong password validation despite requiring at least 8 characters?
1. It allows passwords that lack uppercase, lowercase, or digit variety.
2. It forbids the use of digits in passwords.
3. It requires exactly 8 characters, no more.
4. It includes whitespace as a valid character.
Explanation: This regex only ensures that passwords use letters or digits and are at least 8 characters long but doesn't require at least one of each group, allowing weak passwords like 'abcdefgh.' It doesn't forbid digits, as both letters and numbers are included. It permits any length of 8 or more. It doesn't match whitespace because only letters and digits are allowed.
Regex for Characters Not Allowed in Passwords
Which regex pattern would reject any password containing whitespace characters?
1. ^S+$
2. ^[A-Za-z0-9 ]+$
3. ^(?!.*[0-9]).+$
4. ^.*s+.*$
Explanation: The pattern '^S+$' matches strings that contain only non-whitespace characters from start to end, thus rejecting those with spaces or tabs. The second option allows spaces. The third option rejects passwords with digits, not whitespace. The fourth option, in fact, matches passwords that do contain whitespace, not those that lack it.
Practical Example: Validating a Test Password
Given the regex ^(?=.*[a-z])(?=.*[A-Z])(?=.*d)(?=.*[!#%]).{8,}$, would the password Secure9# pass this validation?
1. Yes, because it contains all required character types and is of sufficient length.
2. No, because it lacks a lowercase letter.
3. No, because it is too short.
4. No, because it does not include a permitted special character.
Explanation: The password 'Secure9#' includes lowercase and uppercase letters, a digit, a special character from the listed set (#), and is 8 characters long. Thus, it meets all requirements. The second and third options are incorrect, as 'Secure9#' has both lowercase and is 8 characters. The last option is incorrect since '#' is a permitted character.

Regex Essentials: Password Strength Validation Quiz

Identifying a Strong Password Regex Pattern

Special Character Validation in Regex

Avoiding Common Regex Mistakes

Regex for Characters Not Allowed in Passwords

Practical Example: Validating a Test Password