Regexes can get pretty complex, but that one's simple:
[A-Za-z]{3}
[ ] The square brackets say "any character in this set"
A-Z "Any uppercase character"
or
a-z "Any lowercase character"
{ } The curly brackets say "Repeat the previous item a specific number of times"
3 "Exactly three times"
So the whole regex means "any three upper or lower case letters"
If you want to experiment with Regexes, get a copy of
Expresso[
^] - it's free, and it examines, explains, and generates Regular expressions.
There are also some very good whole books on Regeexs:
regexes book - Google Search[
^] which will explain teh detailed complexities a lot better than we can in a little text box!
But ... Regexes are a tool, and in the case they are a pattern matching tool. They have to be used in the right place, and that is for text matching operations - they are not good atr string evaluation. So if you want a password rule like "seven or more characters minimum" that's fine:
.{7,}
"Any character, at least seven of them".
But if your rule is "seven or more characters minimum, must include at least one upper case, one digit, and a special character" Then a regex is the wrong tool, because it's can't "count" and process the line, so teh regex becomes horribly complicated and impossible to maintain. Password rules should be coded in actual code, possibly using a number of regexes to gather the info: one for "how many upper case", one for "how many lower case", another for "how many digits", and a final one for "how many special characters". Those numbers then get used by the code to evaluate the rules.