I'm building a regex for password control. I'm trying to have the passwords have at least: 1 small letter, 1 capital letter, 1 number, and 1 special character, while having between 8 and 20 characters inclusive. All seems to work up to this point in testing, however, the 20 limit seems to work except that when I compare the 21 (or more) first password with the comparison password entered by the user, they are interpreted as being different when in fact they were entered the same. Any ideas?
#.*^(?=.{8,10})(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\W).*$#
