Visual regex workbench
Build, import, explain, test and share regex visually.
Regex guide
Password validation is one of the most common regex use cases. This guide provides practical password regex examples ranging from simple minimum-length validation to strong password policies.
Requires at least 8 characters.
^.{8,}$password123mypasswordRequires at least one letter and one digit.
^(?=.*[A-Za-z])(?=.*\d).{8,}$password123abc12345Requires lowercase, uppercase, number and special character.
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z\d]).{8,}$Password1!MySecure#2026A stronger policy requiring at least 12 characters.
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z\d]).{12,}$MySecurePass#2026Password regex patterns help enforce basic security rules before a password is accepted by an application.
They can require minimum lengths, uppercase letters, lowercase letters, numbers and special characters, helping users create stronger passwords.
Most modern applications require a minimum password length and encourage a mix of character types.
Typical rules include at least one uppercase letter, one lowercase letter, one digit and one special character.
A complex password is not always a strong password. Adding a special character to a short or predictable password does not guarantee good security.
Long passwords and passphrases are often more secure than short passwords with many symbols.
Regex can verify whether a password follows formatting rules, but it cannot determine how resistant that password is to attacks.
True password strength depends on length, randomness, uniqueness and resistance to guessing techniques.
Regex validation is commonly used on the client side to provide immediate feedback to users.
However, password requirements should always be validated again on the server side because client-side checks can be bypassed.
Some password policies become so strict that they frustrate users without significantly improving security.
Good validation rules should balance usability, security and maintainability.
Many security organizations now recommend longer passwords and passphrases instead of extremely complex composition rules.
A password manager can help users generate and store secure passwords without having to remember complicated patterns.