Password validation in Python

Password validation is essential for securing applications. In this article, we will see how to validate if a given password meets certain complexity requirements using Python's re (regular expression) module.

Password Requirements

Our validation will check for the following criteria ?

• At least one lowercase letter (a-z)
• At least one uppercase letter (A-Z)
• At least one digit (0-9)
• At least one special character (@$!%*#?&)
• Password length between 8 and 18 characters

Regular Expression Breakdown

The regex pattern ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$ uses positive lookaheads to ensure all conditions are met ?

• ^ - Start of string
• (?=.*[a-z]) - Must contain lowercase letter
• (?=.*[A-Z]) - Must contain uppercase letter
• (?=.*\d) - Must contain digit
• (?=.*[@$!%*#?&]) - Must contain special character
• [A-Za-z\d@$!#%*?&]{8,18} - Only allowed characters, 8-18 length
• $ - End of string

Example 1: Valid Password

Let's test with a password that meets all requirements ?

import re

password = 'XdsE83&!'
regex = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$"

# Compile regex pattern
pattern = re.compile(regex)

# Check if password matches
result = re.search(pattern, password)

# Validate and display result
if result:
    print("Valid Password")
else:
    print("Invalid Password")

Valid Password

Example 2: Invalid Password

Now let's test with a password missing digits ?

import re

password = 'XdsEfg&!'
regex = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$"

# Compile regex pattern
pattern = re.compile(regex)

# Check if password matches
result = re.search(pattern, password)

# Validate and display result
if result:
    print("Valid Password")
else:
    print("Invalid Password")

Invalid Password

Enhanced Validation Function

Here's a more comprehensive function that provides detailed feedback ?

import re

def validate_password(password):
    """Validate password and return detailed feedback"""
    criteria = {
        'length': len(password) >= 8 and len(password) <= 18,
        'lowercase': bool(re.search(r'[a-z]', password)),
        'uppercase': bool(re.search(r'[A-Z]', password)),
        'digit': bool(re.search(r'\d', password)),
        'special': bool(re.search(r'[@$!%*#?&]', password))
    }
    
    is_valid = all(criteria.values())
    
    print(f"Password: {password}")
    print(f"Valid: {is_valid}")
    print("Criteria check:")
    for criterion, passed in criteria.items():
        status = "?" if passed else "?"
        print(f"  {criterion}: {status}")
    
    return is_valid

# Test different passwords
test_passwords = ['XdsE83&!', 'password', 'Password1', 'Pass@123']

for pwd in test_passwords:
    validate_password(pwd)
    print("-" * 30)

Password: XdsE83&!
Valid: True
Criteria check:
  length: ?
  lowercase: ?
  uppercase: ?
  digit: ?
  special: ?
------------------------------
Password: password
Valid: False
Criteria check:
  length: ?
  lowercase: ?
  uppercase: ?
  digit: ?
  special: ?
------------------------------
Password: Password1
Valid: False
Criteria check:
  length: ?
  lowercase: ?
  uppercase: ?
  digit: ?
  special: ?
------------------------------
Password: Pass@123
Valid: True
Criteria check:
  length: ?
  lowercase: ?
  uppercase: ?
  digit: ?
  special: ?
------------------------------

Conclusion

Password validation using regular expressions ensures strong security by checking multiple criteria simultaneously. The enhanced validation function provides detailed feedback, making it easier to understand why a password fails validation.