Here is the simple idea: create three separate regular expressions, validate the input password four time against each of them and calculate the candidate password's score: how many non-failures? The password is good if number of non-failures is 3 or greater. That's it.
[EDIT]
Something like that:
System.Text.RegularExpressions.Regex[] criteria = new System.Text.RegularExpressions[] {
new System.Text.RegularExpressions.Regex("..."),
new System.Text.RegularExpressions.Regex("..."),
new System.Text.RegularExpressions.Regex("..."),
};
bool IsValidPassword(string value) {
int len = value.Length;
if (value < 6) || (value > 20) return false;
byte score = 0;
for (System.Text.RegularExpressions.Regex criterion in criteria)
if (criterion.IsMatch(value)
++score;
return score > 2;
}
—SA