Friday, October 3, 2008

Checking for Password Complexity Using Regular Expressions

There is this very interesting thread on the Microsoft TechNet Forums (Scripting) in which one poster asked about ways of checking password complexity using Visual Basic scripting. One very effective and, in my book, very efficient way to accomplish this task is to use regular expressions.

What are Regular Expressions?

Regular expressions, commonly known as regex or regexp, are a set of key combinations that are meant to allow people to have a large variety of control over what they are searching for. A regular expression, often called a pattern, is an expression that describes a set of strings. They are usually used to give a concise description of a set, without having to list all elements. (Source: wikipedia.org)


The power of Regular Expressions

Regular expressions are a neat way to perform powerful, fast and effective string pattern matching and replacing. Starting with VBScript version 5.0, the RegExp object is available to developers.

The most commonly used types of regular expressions matching include character matching, repetition matching, and position matching.

Character matching is, as the term suggests, searching for a match within a string literal. In the example I have posted on TechNet, I used the RegExp Test method to validate the password given. This method takes a string as its argument and returns True if the regular expression can be matched against the string; otherwise it returns False.

Repetition matching, through the use of repetition operators or quantifiers, details how many times to search for a specified string. The operators are used in conjunction with character-matching syntax to search for multiple characters. By using repetition matching, we can specify the number of times an element may be repeated in a regular expression.

Symbol    Function

{x}       Match exactly x occurrences of a regular expression.
          "\d{5}" matches 5 digits.

{x,}      Match x or more occurrences of a regular expression.
          "\s{2,}" matches at least 2 space characters.

{x,y}     Match x to y occurrences of a regular expression.
          "\d{2,3}" matches at least 2 but no more than 3 digits.

?         Match zero or one occurrences. Equivalent to {0,1}.
          "a\s?b" matches "ab" or "a b".

*         Match zero or more occurrences. Equivalent to {0,}.

+         Match one or more occurrences. Equivalent to {1,}.


Position matching uses ^ and $ to anchor a match to the beginning or the end of a string. Setting the Pattern property to "^Microsoft" will successfully match "Microsoft makes cool products." but will fail to match "I hate Microsoft."

Symbol    Function

^         Only match the beginning of a string.
          "^A" matches the first "A" in "An A+ for Anita."

$         Only match the ending of a string.
          "t$" matches the last "t" in "A cat in the hat"

\b        Matches any word boundary.
          "ly\b" matches "ly" in "possibly tomorrow."

\B        Matches any non-word boundary.


Going back to the TechNet forum post, I have posted a script which uses the RegExp object and a pattern-matching loop to verify the complexity of the password entered.
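The approach described above, as an added example (this is not the script from the TechNet post): one RegExp object is reused in a loop over a list of patterns, and the password must pass Test for every one. The function name CheckComplexity and the policy itself (8 to 64 characters, upper case, lower case, digit, symbol, no whitespace) are assumptions made for illustration.

```vbscript
Option Explicit

' Added example. Each rule pairs a pattern with the requirement it enforces.
' The policy values below are assumed, not taken from the forum thread.
Function CheckComplexity(ByVal pwd)
    Dim rules, re, i, failed
    rules = Array( _
        Array("^.{8,64}$", "8 to 64 characters"), _
        Array("[A-Z]", "an uppercase letter"), _
        Array("[a-z]", "a lowercase letter"), _
        Array("\d", "a digit"), _
        Array("[^A-Za-z0-9\s]", "a symbol"), _
        Array("^\S+$", "no whitespace"))

    Set re = New RegExp
    re.IgnoreCase = False   ' case must matter for the [A-Z] and [a-z] rules
    re.Global = False       ' Test only needs to find one match

    failed = ""
    For i = 0 To UBound(rules)
        re.Pattern = rules(i)(0)
        If Not re.Test(pwd) Then
            If Len(failed) > 0 Then failed = failed & "; "
            failed = failed & rules(i)(1)
        End If
    Next
    CheckComplexity = failed   ' empty string means every rule matched
End Function

' Constructed sample inputs, for demonstration only.
Dim samples, s, result
samples = Array("password", "Passw0rd", "Tr1cky#Horse")
For Each s In samples
    result = CheckComplexity(s)
    If Len(result) = 0 Then
        WScript.Echo s & ": accepted"
    Else
        WScript.Echo s & ": rejected, requires " & result
    End If
Next
```

Run it with cscript.exe. The length and whitespace rules are anchored with ^ and $ because an unanchored ".{8,64}" would also match inside a longer string.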
