dotnet · gewarren · Mar 6, 2024 · Dec 3, 2023 · Dec 4, 2023
diff --git a/xml/System.Web.Security/Membership.xml b/xml/System.Web.Security/Membership.xml
@@ -1699,11 +1699,15 @@
 ## Examples  
  The following code example shows the [membership](https://docs.microsoft.com/previous-versions/dotnet/netframework-4.0/1b9hw62f(v%3dvs.100)) configuration element in the `system.web` section of the application's Web.config file. It specifies that the application use an instance of the <xref:System.Web.Security.SqlMembershipProvider> class to provide membership services, and sets the `passwordStrengthRegularExpression` attribute to a regular expression that validates the password meets the following criteria:  
 
--   Is greater than seven characters.  
+-   Is at least six characters long.
 
--   Contains at least one digit.  
+-   Contains at least one digit.
 
--   Contains at least one special (non-alphanumeric) character.  
+-   Contains at least one special (non-alphanumeric) character.
+
+-   Contains at least one lowercase letter.
+
+-   Contains at least one uppercase letter.
 
  If the password does not meet these criteria, the password is not accepted by the membership provider.  
 
@@ -1716,7 +1720,7 @@
       type="System.Web.Security.SqlMembershipProvider"  
       connectionStringName="SqlServices"  
       requiresQuestionAndAnswer="true"  
-      passwordStrengthRegularExpression=" @\"(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})"  
+      passwordStrengthRegularExpression="(?=.{6,})(?=(.*\d){1,})(?=(.*\W){1,})(?=.*[a-z])(?=.*[A-Z])"  
       />  
    </providers>  
 </membership>