Strong Password Regex Pattern

Enforce strong password requirements with regex: minimum 8 characters, uppercase, lowercase, digit, and special character.

The Pattern

/(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{8,}/

Try it →

How It Works

Token	Meaning
`(?=.*[a-z])`	Lookahead: must contain at least one lowercase letter
`(?=.*[A-Z])`	Lookahead: must contain at least one uppercase letter
`(?=.*\d)`	Lookahead: must contain at least one digit
`(?=.[!@#$%^&])`	Lookahead: must contain at least one special character (!@#$%^&*)
`.{8,}`	Match 8 or more of any characters

Test Cases

✅P@ssw0rd!Match

✅Str0ng#PassMatch

✅Ab1!xxxxMatch

❌weakNo match

❌nouppercase1!No match

❌NOLOWER1!No match

❌NoDigit!!No match

Code Examples

javascript

const passwordRegex = /(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{8,}/;
const password = "P@ssw0rd!";
const isStrong = passwordRegex.test(password);
console.log(isStrong); // true

python

import re
password_regex = r'(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{8,}'
password = "P@ssw0rd!"
is_strong = bool(re.match(password_regex, password))
print(is_strong)  # True

Common Use Cases

Registration forms - enforce password complexity requirements
Security audits - check existing passwords meet policy
Password reset - validate new password strength
Configuration validation - enforce secret key complexity

Related Patterns

Email Address UUID Hex Color Code

Want to test this pattern with your own data?

Try this pattern in Regex Tester →