Password Strength Estimator Validation in Laravel

Last updated on by

Password Strength Estimator Validation in Laravel image

The Laravel Zxcvbn package is a validation rule that estimates password strength using a PHP port of Dropbox's dropbox/zxcvbn JS package. It considers using user inputs as well to determine a score for password guessability:

// In your validation rules
use Illuminate\Validation\Rules\Password;
use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule;
 
$request->validate([
'name' => ['required']
'email' => ['required', 'email'],
'password' => [
'required',
'confirmed',
'min:8',
new ZxcvbnRule([
request('email'),
request('name'),
]),
],
]);
 
// Examples using zxcvbn-php
$weak = $zxcvbn->passwordStrength('password', $userData); // 0 - extremely guessable
$strong = $zxcvbn->passwordStrength('correct horse battery staple'); // 4 - very unguessable

You can define a ZXCVBN_MIN_SCORE configuration value to determine when validation should fail, based on this scale provided by the underlying zxcvbn-php package. The default is 3 but depending on your needs, you can configure it to match any of the following:

  • 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
  • 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
  • 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
  • 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
  • 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario

💻 You can get started with this package on GitHub: ziming/laravel-zxcvbn.

It's important to remember that Laravel has excellent password rules out of the box, including the ability to ensure a password was not present in a previous data leak. See the validation documentation for more details:

use Illuminate\Validation\Rules\Password;
 
Password::min(8)
->letters()
->mixedCase()
->numbers()
->symbols()
->uncompromised();
Paul Redmond photo

Staff writer at Laravel News. Full stack web developer and author.

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Tinkerwell

Enjoy coding and debugging in an editor designed for fast feedback and quick iterations. It's like a shell for your application – but with multi-line editing, code completion, and more.

Visit Tinkerwell
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Laravel Cloud logo

Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Cloud
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
Acquaint Softtech logo

Acquaint Softtech

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Acquaint Softtech
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell

The latest

View all →
Laravel Quota: Usage Budgets for Calendar Periods image

Laravel Quota: Usage Budgets for Calendar Periods

Read article
Find the Security Vulnerabilities in Your Laravel App with Sensagraph image

Find the Security Vulnerabilities in Your Laravel App with Sensagraph

Read article
Uvora: A macOS Menu Bar App for Finding Laravel Projects image

Uvora: A macOS Menu Bar App for Finding Laravel Projects

Read article
Passwordless Sign-In with Fortify Two-Factor Support in Laravel image

Passwordless Sign-In with Fortify Two-Factor Support in Laravel

Read article
Intercept: Middleware Guardrails for Laravel AI Agents image

Intercept: Middleware Guardrails for Laravel AI Agents

Read article
AI Review for Laravel Upgrades image

AI Review for Laravel Upgrades

Read article