The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

Laravel News Laravel News

Zxcvbn Php

Zxcvbn Php stats

Downloads
14M
Stars
855
Open Issues
27
Forks
115

View on GitHub →

Realistic password strength estimation PHP library based on Zxcvbn JS

Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the the Javascript zxcvbn project from Dropbox and @lowe. "zxcvbn" is bad password, just like "qwerty" and "123456".

zxcvbn attempts to give sound password advice through pattern matching and conservative entropy calculations. It finds 10k common passwords, common American names and surnames, common English words, and common patterns like dates, repeats (aaa), sequences (abcd), and QWERTY patterns.

Installation

The library can be installed with Composer by adding it as a dependency to your composer.json file.

Via the command line run: composer require bjeavons/zxcvbn-php

Or in your composer.json add

{
    "require": {
        "bjeavons/zxcvbn-php": "^1.0"
    }
}

Then run composer update on the command line and include the autoloader in your PHP scripts so that the ZxcvbnPhp class is available.

require_once 'vendor/autoload.php';

Usage

use ZxcvbnPhp\Zxcvbn;
 
$userData = [
  'Marco',
  'marco@example.com'
];
 
$zxcvbn = new Zxcvbn();
$weak = $zxcvbn->passwordStrength('password', $userData);
echo $weak['score']; // will print 0
 
$strong = $zxcvbn->passwordStrength('correct horse battery staple');
echo $strong['score']; // will print 4
 
echo $weak['feedback']['warning']; // will print user-facing feedback on the password, set only when score <= 2
// $weak['feedback']['suggestions'] may contain user-facing suggestions to improve the score

Scores are integers from 0 to 4:

  • 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
  • 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
  • 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
  • 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
  • 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario

Acknowledgements

Thanks to:

bjeavons photo
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

View all jobs

Bjeavons Zxcvbn Php Related Articles

Coaster CMS image

Coaster CMS

Read article

Partners

View all →
Typesense Search logo

Typesense Search

Typesense is an open source, blazing-fast search engine, optimized for helping you build delightful search experiences for your sites and apps. Natively integrated with Laravel Scout.

Typesense Search
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Honeybadger logo

Honeybadger

Simple developer-focused application monitoring for Laravel. Error tracking, log management, uptime monitoring, status pages, and more!

Honeybadger
Acquaint Softtech logo

Acquaint Softtech

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Acquaint Softtech