README

Laravel Zxcvbn Password Validation Rule. Nothing more, nothing less.

For an introduction to Dropbox Zxcvbn, see the following link

https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation

Installation

You can install the package via composer:

composer require ziming/laravel-zxcvbn

You can publish the config file with:

php artisan vendor:publish --tag="zxcvbn-config"

This is the contents of the published config file. The default min score is set to 3.

<?php return [ // If you wish to override the default min score in the config, // you can do so by passing in a second argument to the ZxcvbnRule constructor. // e.g. new ZxcvbnRule([], 4) 'min_score' => env('ZXCVBN_MIN_SCORE', 3), ];

bjeavons/zxcvbn-php provides a good overview on the zxcvbn score.

Scores are integers from 0 to 4: - 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0 - 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1 - 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks - 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario - 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario 

Usage

// In your validation rules use Illuminate\Validation\Rules\Password; use Ziming\LaravelZxcvbn\Rules\ZxcvbnRule; [ 'name' => ['required'] 'email' => ['required', 'email'], 'password' => [ 'required', 'confirmed', 'min:8', new ZxcvbnRule([ request('email'), request('name'), ]), ], ]

## Testing ```bash composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

• ziming
• All Contributors

License

The MIT License (MIT). Please see License File for more information.