regex for weak password

I need a regular expression that checks that a password does not equal certain words (e.g. password and 12345). I have tried a few combinations but am having trouble with the negation.

It is for a DataAnnotations validation attri开发者_高级运维bute if that is relevant.

Negation in Regex works best with negative lookaheads like

"^(?!password)(?!12345)"

However, I think users can be quite clever when creating bad passwords, and creating an expression that catches them all will be quite difficult.

Do you really want to accomplish this using a regular expression? The more "weak" words you come up with, the longer and more confusing the regex will get. Why not just create a list of unaccepted words, and use a loop/LINQ to check if the password contains any of them? It'll still be plenty fast and easy to read.

One thing that neither the regex you're asking for, or my solution above takes care of is detecting n number of consecutive numbers/characters. Are you just looking for 12345? Or are you looking for something that will also detect strings like 1234567, 1234, or 56789? That will require some extra work.