ASP.NET Regular Expression Validator (Password Strength)

Question

I have a validation control that has the following expression:

(?=(.*\\\\d.*){2,})(?=(.*\\\\w.*){2,})(?=(.*\\\\W.*){1,}).{8,}

That\'s a passwor

Answer 1

This will get you 2 min digits, 2 min characters, and min 8 character length... I refuse to show you how to not allow users to have non-alphanumeric characters in their passwords, why do sites want to enforce less secure passwords?

^(?=.*\d{2})(?=.*[a-zA-Z]{2}).{8,}$