Laravel Zxcvbn Password Validation Rule. Nothing more, nothing less.
For an introdution to Zxcvbn, see the following link
https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation
You can install the package via composer:
composer require ziming/laravel-zxcvbnYou can publish the config file with:
php artisan vendor:publish --tag="zxcvbn-config"This is the contents of the published config file. The default min score is set to 3.
<?php
return [
// If you wish to override the default min score in the config,
// you can do so by passing in a second argument to the ZxcvbnRule constructor.
// e.g. new ZxcvbnRule([], 4)
'min_score' => env('ZXCVBN_MIN_SCORE', 3),
];bjeavons/zxcvbn-php provides a good overview on the zxcvbn score.
Scores are integers from 0 to 4:
- 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
- 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario
// In your validation rules
use Illuminate\Validation\Rules\Password;
use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule;
[
'name' => ['required']
'email' => ['required', 'email'],
'password' => [
'required',
'confirmed',
'min:8',
new ZxcvbnRule([
request('email'),
request('name'),
]),
],
]## Testing
```bash
composer testPlease see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.