Zxcvbn Password validation rule for Laravel

#Zxcvbn Password validation rule for Laravel

Laravel Zxcvbn Password Validation Rule. Nothing more, nothing less.

For an introduction to Dropbox Zxcvbn, see the following link

https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation

#Installation

You can install the package via composer:

composer require ziming/laravel-zxcvbn

You can publish the config file with:

php artisan vendor:publish --tag="zxcvbn-config"

This is the contents of the published config file. The default min score is set to 3.

<?php
 
return [
    // If you wish to override the default min score in the config,
    // you can do so by passing in a second argument to the ZxcvbnRule constructor.
    // e.g. new ZxcvbnRule([], 4)
    'min_score' => env('ZXCVBN_MIN_SCORE', 3),
];

bjeavons/zxcvbn-php provides a good overview on the zxcvbn score.

Scores are integers from 0 to 4:
 
- 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
- 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario

#Usage

// In your validation rules
use Illuminate\Validation\Rules\Password;
use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule;
 
[
    'name' => ['required']
    'email' => ['required', 'email'],
    'password' => [
        'required',
        'confirmed',
        'min:8',
        new ZxcvbnRule([
            request('email'),
            request('name'),
        ]),
    ],
]

 
## Testing
 
```bash
composer test

#Changelog

Please see CHANGELOG for more information on what has changed recently.

#Contributing

Please see CONTRIBUTING for details.

#Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

#Credits

• ziming
• All Contributors

#License

The MIT License (MIT). Please see License File for more information.