Generate Secure, Memorable Passphrases in PHP with PHP Passphrase

Last updated on by

Generate Secure, Memorable Passphrases in PHP with PHP Passphrase image

Passphrases string together multiple random words like sphere-quartz-bright-flame to create credentials that are both secure and easy for humans to read and remember. PHP Passphrase, created by Nico Bleiler, generates these passphrases following the EFF's suggested method for passphrase generation by combining random words from the EFF long word list. The package mirrors Bitwarden's Rust implementation and includes built-in Laravel support, as well as standalone PHP usage.

The package is useful for applications that need to generate temporary passwords or recovery codes, or for any scenario where a human-readable, secure string is preferable to a random character sequence.

Main Features

PHP Passphrase includes several features for generating passphrases:

  • Bitwarden-compatible options for word count, separators, capitalization, and number inclusion
  • Uses EFF long word list (7,776 words) bundled and cached for fast generation
  • Custom word lists from files or arrays
  • Laravel integration with a service provider, facade, dependency injection, and publishable config
  • Standalone usage without Laravel or any framework

Getting Started

Install the package via Composer:

composer require nicobleiler/php-passphrase

Laravel will auto-discover the service provider. No additional setup is needed to start generating passphrases.

Generating Passphrases

Use the Passphrase facade to generate passphrases in Laravel:

use NicoBleiler\Passphrase\Facades\Passphrase;
 
// Default: 3 words, hyphen separator, no capitalize, no number
Passphrase::generate();
// "unadvised-stubble-squid"
 
// Customize the output
Passphrase::generate(
numWords: 5,
wordSeparator: '~',
capitalize: true,
includeNumber: true,
);
// "Reggae~Blip~Prayer~Tabasco~Football5"

Dependency Injection

The package registers PassphraseGenerator as a singleton in the Laravel container, so you can inject it into your classes:

use NicoBleiler\Passphrase\PassphraseGenerator;
 
class AuthController
{
public function __construct(
private PassphraseGenerator $passphrase,
) {}
 
public function temporaryPassword(): string
{
return $this->passphrase->generate(
numWords: 4,
capitalize: true,
includeNumber: true,
);
}
}

Standalone Usage

The package also works without Laravel. Create a PassphraseGenerator instance directly:

use NicoBleiler\Passphrase\PassphraseGenerator;
 
$generator = new PassphraseGenerator();
echo $generator->generate(); // "zone-statue-corporal"

Custom Word Lists

The WordList class supports loading words from files or arrays:

use NicoBleiler\Passphrase\WordList;
use NicoBleiler\Passphrase\PassphraseGenerator;
 
// From a file (plain text or EFF diceware format)
$wordList = WordList::fromFile('/path/to/wordlist.txt');
 
// From an array
$wordList = WordList::fromArray([
'pizza',
'whisk',
'juice',
'beyond',
'quartz',
'flame',
'vortex',
'bright',
'sphere',
]);
 
$generator = new PassphraseGenerator($wordList);
echo $generator->generate(numWords: 4);

In Laravel, you can point to a custom word list file through the published config:

php artisan vendor:publish --tag=passphrase-config

Then set the path in config/passphrase.php:

'word_list_path' => resource_path('wordlists/my-custom-list.txt'),

Configuration

The published config file lets you set default values for all generation options:

return [
'num_words' => 3,
'word_separator' => '-',
'capitalize' => false,
'include_number' => false,
 
// null = bundled EFF long word list
// Or set an absolute path to a custom word list file
'word_list_path' => null,
];

To learn more about PHP Passphrase and view the source code, visit the GitHub repository.

Yannick Lyn Fatt photo

Staff Writer at Laravel News and Full stack web developer.

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Acquaint Softtech

Hire Laravel developers with AI expertise at $20/hr. Get started in 48 hours.

Visit Acquaint Softtech
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Laravel Cloud logo

Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Cloud
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Acquaint Softtech logo

Acquaint Softtech

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Acquaint Softtech
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media

The latest

View all →
Vocalizer: Local Text-to-Speech for PHP image

Vocalizer: Local Text-to-Speech for PHP

Read article
Build a Laravel Scout Search Endpoint With the HTTP QUERY Method image

Build a Laravel Scout Search Endpoint With the HTTP QUERY Method

Read article
Enforce Per-Action Waiting Periods in Laravel with Cooldown image

Enforce Per-Action Waiting Periods in Laravel with Cooldown

Read article
First-Party Image Processing in Laravel 13.20 image

First-Party Image Processing in Laravel 13.20

Read article
Laravel Legacy Bridge: Carry Authenticated Sessions from a Legacy App into Laravel image

Laravel Legacy Bridge: Carry Authenticated Sessions from a Legacy App into Laravel

Read article
Laravel Quota: Usage Budgets for Calendar Periods image

Laravel Quota: Usage Budgets for Calendar Periods

Read article