You have to use assertions (An assertion subpattern is matched in the normal way, except that it does not cause the current matching position to be changed)
for (i=0;i<toTest.length;i++) alert(toTest[i]+' '+rgx.test(toTest[i]));
We test, at first, one digit (?=.\d) which can be preceded with something or not. Then a alphabetic() characters and a non-alphabetic characters. This regular expression which do not change the matching position could be completed with a test about the minimal length of the password...
The test is wrong with \ which as a special meaning in a string.
(*) The use of \w ("word" character is any letter or digit !) which duplicate digit is wrong (the test is true with only digits and special characters) !