The form below has three input fields: username, pwd1 and pwd2. If a false value is returned then the form submission is cancelled.
The problem here is that you're making the password visible in the browser, browser cache, proxy, etc.
Again, you can use the form below to test this regular expression: Restricting which characters can be used is not good practice as punctuation and other symbols provide extra security.
You might implement this code on your own website as follows: As you can see, it's well worth learning the intricacies of regular expressions.
Otherwise your application needs to provide this function.
Passwords need to be stored encrypted in the database or elsewhere and any backups should also be encrypted.