Security

Strong Password

Enforce strong passwords: min 8 chars, at least one lowercase, uppercase, digit, and special character.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSee workaround

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d\s]).{8,}$

Raw source: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^a-zA-Z\d\s]).{8,}$

How it works

Uses four lookaheads from the start (^) to assert each required character class exists somewhere in the string, then .{8,} ensures minimum length, and $ anchors the end.

Examples

Input

MyP@ssw0rd

Matches

MyP@ssw0rd

Input

password123

No match

—

Input

SHORT1!

No match

—

Common use cases

•User registration form validation
•Password policy enforcement
•Admin panel access controls
•Security compliance checks

Related patterns

Password (No Special Chars)

Validation

Validate passwords requiring at least one lowercase, one uppercase, one digit, and minimum 8 characters — no special characters required.

bcrypt Password Hash

Security

Match bcrypt password hashes in their canonical $2a$/$2b$/$2y$ prefixed format.

Generic API Key

Security

Match generic long alphanumeric tokens (32+ chars) typical of API keys and access tokens.

Positive Lookahead (Password)

Text Processing

Use positive lookahead `(?=...)` to require the password contain at least one digit and one uppercase letter.

Related concepts

Anchors: ^ and $ Explained

Concept

Anchors match positions, not characters. ^ asserts the start of the string (or line, with the m flag) and $ asserts the end.

Lookahead and Lookbehind

Concept

Lookarounds assert a condition at a position without consuming characters. (?=X) is lookahead, (?<=X) is lookbehind. ! negates them.

←PreviousUS ZIP Code

All patterns

NextUUID (v1–v5)→