I am useing -T but I need to use this data on the shell and hence it is tainted, what sort of regular expression can be run on a password other then (.*) as it feels weird to use that in a script that is supposed to do authentication......

Check out Ovid's excellent CGI course for an approach to CGI security when using the shell to run commands which vary based on user input.