Back to Home

Moderate Password Validation Regex Pattern

CronOS Team
regexpasswordvalidationtutorialsecuritylookahead
TwitterFacebookLinkedIn

Need to generate a regex pattern?

Use CronOS to generate any regex pattern you wish with natural language. Simply describe what you need, and we'll create the perfect regex pattern for you. It's completely free!

Generate Regex Pattern

Moderate Password Validation Regex Pattern

A guide to validating moderate-strength passwords: 8+ characters with at least one letter and one number using regex lookaheads.

Pattern Breakdown

regex
^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$

Components

ComponentDescriptionMatches
^Start anchorEnsures match from string start
(?=.*[A-Za-z])Positive lookaheadMust contain at least one letter (any case)
(?=.*\d)Positive lookaheadMust contain at least one digit
[A-Za-z\d]{8,}Main pattern8+ characters: letters and digits only
$End anchorEnsures match to string end

Character Classes and Lookaheads

  • (?=.*[A-Za-z]) - Positive lookahead: asserts that at least one letter exists
  • (?=.*\d) - Positive lookahead: asserts that at least one digit exists
  • .* - Matches any character (except newline) zero or more times
  • [A-Za-z\d] - Allowed characters: letters (any case) and digits only
  • {8,} - Quantifier: 8 or more occurrences

Examples

Valid:

  • password123
  • MyPass456
  • secure789
  • PASSWORD1
  • abc12345
  • 1234567a

Invalid:

  • password (missing digit)
  • 12345678 (missing letter)
  • pass123 (too short, less than 8 characters)
  • Password! (contains special character not allowed)
  • pass word123 (contains space)

Implementation

JavaScript

javascript
const passwordRegex = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$/;
passwordRegex.test('password123'); // true
passwordRegex.test('MyPass456'); // true
passwordRegex.test('password'); // false (no digit)
passwordRegex.test('12345678'); // false (no letter)
passwordRegex.test('pass123'); // false (too short)

Python

python
import re
password_regex = r'^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$'
bool(re.match(password_regex, 'password123'))  # True
bool(re.match(password_regex, 'MyPass456'))  # True
bool(re.match(password_regex, 'password'))  # False (no digit)

Go

go
passwordRegex := regexp.MustCompile(`^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$`)
passwordRegex.MatchString("password123") // true
passwordRegex.MatchString("MyPass456") // true
passwordRegex.MatchString("password") // false (no digit)

Limitations

  1. No special characters: Only allows letters and digits
  2. No case requirement: Doesn't require both uppercase and lowercase
  3. No maximum length: Doesn't enforce upper limit
  4. Weak security: Less secure than complex password patterns
  5. No unicode support: Only ASCII characters

When to Use

  • Moderate security requirements
  • Internal applications with lower security needs
  • When simplicity is preferred over maximum security
  • Quick validation for basic password requirements
  • User-friendly password policies

For production, consider:

  • Adding special character requirement for better security
  • Requiring both uppercase and lowercase
  • Adding maximum length: {8,128}
  • Server-side validation
  • Password strength indicators

Need to generate a regex pattern?

Use CronOS to generate any regex pattern you wish with natural language. Simply describe what you need, and we'll create the perfect regex pattern for you. It's completely free!

Generate Regex Pattern