Regular Expressions Password Checker
As a coding challenge I sought to create a password checker with regular expressions.
The goal is to make a password checking function to make sure that new passwords adhere to the security requirements. In this challenge the password must have two capital letters, one special character, two numbers, three lowercase letters and 8 total characters. I’ve included the final code at the top and will explain each step of the process below.
Getting Set Up
Every regular expression search requires three steps: (1) import the regex module, (2) compile the expression you’ll be searching for and (3) save it as a regex object.
The code below shows an example of searching for a social security number. The expression follows the format of a social security number — 3 digits, a hyphen, 2 digits, a hyphen, and 4 digits. The search function looks for the pattern in the string “My social is 123–45–6789” and saves it to “mo” or match object. Mo.group() outputs the match.
Breaking Down the password_regex Code
The password_regex script above codes the password requirements. Intuitively we can see that the first line probably deals with the capital letters [A-Z], the next line handles special characters [!@#$&*], then numbers [0–9], then lowercase letters [a-z], and finally a minimum character count {8,}. Let’s break down each step of the process.
Organization
To improve readability, organization of the code is very important. By using triple quotes (‘ ‘ ‘) to start and end the expression along with “re.VERBOSE” as a second argument, we are able to write each password requirement on its own line. Without this code the expression would need to be written on one single line making it very difficult to read.
Carrots Cost Dollars
After the triple quotes the next set of bookends is the carrot (^) and the dollar sign ($). When these characters are used together the entire string must match the regular expression. “Carrots cost dollars” is a mnemonic for the order — the carrot comes first and the dollar sign comes last.
Lookaround
After the carrot we see 4 lines of code that follow a similar pattern. Most noteably they start with a question mark and equal sign (?=). This combo is called a lookaround. A lookaround is a zero-length assertion that matches characters but doesn’t return the match. Instead, it returns the result telling us if there was a match or no match. It simply asserts whether a match is possible or not. This is perfect for our password test because we don’t want to return one of the password requirements but rather simply confirm that the password met the requirement.
Dot-Star
After the lookaround is the Dot-Star (.*). The Dot-Star matches anything and everything. The Dot is the anything component. It is a wildcard character that matches to any character. The star is the everything component. It looks to the preceding character and matches zero or more of that character. Together they allow the expression to iterate through the password until it finds its requirement, such as a special character.
Customize Your Own Classes
You can use square brackets to create your own character classes. For example:
[a-z] — matches all lowercase letters
[A-Z] — matches all uppercase letters
[0–9] — matches all numbers
[a-z0–9] — matches all lowercase letters and numbers
Chain It Together
The code chains the above concepts to check for the password requirements. For example, to find two capital letters in the password string the code uses Dot-Star and [A-Z] twice in a row. If the potential password is “lasVeGaS777!”, this line of code will read “lasVeG” and then return a match. The first Dot-Star picks up “las” then the regex reads “V”. The second Dot-Star picks up “e” then the regex reads “G”. This is enough to return a match.
Minimum Password Length
The last step is checking that the password has at least 8 characters.
.{8,} matches 8 or more of the preceding group.
Equation
The equation asks the user to input a password. If the “mo” or match object is True, then the password is successful. If the “mo” is False then the user will need to try again.
