diff --git a/xml/System.Web.Security/Membership.xml b/xml/System.Web.Security/Membership.xml
index a509921da41..aa964f8f036 100644
--- a/xml/System.Web.Security/Membership.xml
+++ b/xml/System.Web.Security/Membership.xml
@@ -1699,11 +1699,15 @@
 ## Examples  
  The following code example shows the [membership](https://docs.microsoft.com/previous-versions/dotnet/netframework-4.0/1b9hw62f(v%3dvs.100)) configuration element in the `system.web` section of the application's Web.config file. It specifies that the application use an instance of the <xref:System.Web.Security.SqlMembershipProvider> class to provide membership services, and sets the `passwordStrengthRegularExpression` attribute to a regular expression that validates the password meets the following criteria:  
   
--   Is greater than seven characters.  
+-   Is at least six characters long.
   
--   Contains at least one digit.  
+-   Contains at least one digit.
   
--   Contains at least one special (non-alphanumeric) character.  
+-   Contains at least one special (non-alphanumeric) character.
+
+-   Contains at least one lowercase letter.
+
+-   Contains at least one uppercase letter.
   
  If the password does not meet these criteria, the password is not accepted by the membership provider.  
   
@@ -1716,7 +1720,7 @@
       type="System.Web.Security.SqlMembershipProvider"  
       connectionStringName="SqlServices"  
       requiresQuestionAndAnswer="true"  
-      passwordStrengthRegularExpression=" @\"(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})"  
+      passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})(?=.*[a-z])(?=.*[A-Z])"  
       />  
    </providers>  
 </membership>