Skip to content

Java Regular Expression Password Validation Example

Previously I covered how to validate username using regular expression in Java. Java Regular Expression Password Validation example shows how to validate a password using Java regular expression. This pattern can be used to validate password requirements like alphanumeric characters, total length and special characters.

Java Regular Expression Password Validation

There may be different requirements for password validation. This example covers the most common requirements of them. The example requirements are as follows.

1) Password must contain at least 8 characters
2) Password must contain at least 1 number
3) Password must contain at least 1 upper case letter
4) Password must contain at least 1 lower case letter
5) Password must contain at least 1 special character
6) Password must not contain any spaces

Let’s try to build the regular expression pattern for the above requirements one by one. Here is the initial pattern for the first two requirements.


The positive lookahead expression (?=.*[0-9]) will return true for any character followed by a digit (thus satisfying our requirement number 2). The {8,} part will satisfy requirement number 1 of minimum length.

Let’s try out our initial password regular expression pattern.


As you may have observed, all the passwords containing a digit and minimum 8 in length turned out to be a valid password as per our pattern. The “mypassword” password is not a valid one because it does not contain a digit, while the “F@rd1co” is not valid as it does not satisfy our minimum length requirement.

Let’s now try to implement requirements 3, 4, 5 and 6 in the same way as requirement 2. Basically, we want one positive lookahead expression per the requirement as given below.


Let’s try the pattern.


An explanation for the failed password test cases:

You may have observed that our last test case the “<RRPhantom@16>” password turned out to be a valid password even though we did not have “<” and “>” in the list of our special characters. It is because once any special character out of the allowed characters is found in the string (in this case “@”), the lookahead expression does not check for others and returns true.

While this is not a problem in most cases, but if you have the requirement for the password to contain only special characters from the predefined set of characters, you can change the pattern as follows.

We have added only one extra check in the above pattern “[a-zA-Z0-9!@#$%^&*]” which makes sure that password contains characters from predefined set of characters (i.e. all lower and upper case letters, 0 to 9 digits and special character out of “!@#$%^&*”characters). If the password contains any character which is not in this list, the pattern will fail and the matches method will return false.


This example is a part of the Java RegEx tutorial with examples.

Please let me know your views in the comments section below.

About the author


  1. I really appreciate this article because I never knew how to validate a password strength until I visit this website.

    The other thing that makes me appreciate this is because the way you break your code into pieces and explain each part.

    I know understand how do this by my self.

Leave a Reply

Your email address will not be published.