DEV Community

Yasser Elgammal
Yasser Elgammal

Posted on

Enforcing Strong Passwords in Laravel

Securing user accounts starts with strong passwords, and Laravel makes this easier by providing a Password validation rule.

This built-in feature allows you to enforce robust password policies to improve application security. Let’s explore how you can use this feature effectively.

Using the Password Validation Rule
The Password rule in Laravel includes several methods to enforce password complexity. Here’s a quick example:

Example in a Form Request

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\Password;

class RegisterRequest extends FormRequest
{
    public function rules()
    {
        return [
    'password' => [
        'required',
        'string',
        Password::min(8) // Minimum length of 8 characters
            ->mixedCase() // Must include both uppercase and lowercase letters
            ->letters()   // Must include at least one letter
            ->numbers()   // Must include at least one number
            ->symbols()   // Must include at least one symbol
            ->uncompromised(), // Checks against known data breaches
    ],
        ];
    }
}
Enter fullscreen mode Exit fullscreen mode

Explanation of Methods

  • min(8): Sets the minimum password length.
  • mixedCase(): Requires at least one uppercase and one lowercase letter.
  • letters(): Ensures at least one alphabetic character is present.
  • numbers(): Enforces at least one numeric digit.
  • symbols(): Requires at least one special character (e.g., @, #, $).
  • uncompromised(): Validates the password against the Have I Been Pwned database to ensure it hasn’t been exposed in a data breach.

Customizing Validation Messages

To make the validation messages user-friendly, you can customize them in the validation.php language file:

// resources/lang/en/validation.php
'password' => [
    'letters' => 'The :attribute must contain at least one letter.',
    'mixed' => 'The :attribute must contain at least one uppercase and one lowercase letter.',
    'numbers' => 'The :attribute must contain at least one number.',
    'symbols' => 'The :attribute must contain at least one symbol.',
    'uncompromised' => 'The :attribute has been compromised. Please choose a different :attribute.',
],
Enter fullscreen mode Exit fullscreen mode

This ensures users receive clear feedback when their password doesn’t meet the requirements.

That's All, if you looking for a simple way to make a strong password, visit my previous article "Generate Random password in Laravel"

Conclusion

By leveraging Laravel’s Password validation rule, you can enforce strong password policies with minimal effort. This not only enhances security but also provides a better user experience.

Billboard image

Imagine monitoring that's actually built for developers

Join Vercel, CrowdStrike, and thousands of other teams that trust Checkly to streamline monitor creation and configuration with Monitoring as Code.

Start Monitoring

Top comments (0)

Image of AssemblyAI

Automatic Speech Recognition with AssemblyAI

Experience near-human accuracy, low-latency performance, and advanced Speech AI capabilities with AssemblyAI's Speech-to-Text API. Sign up today and get $50 in API credit. No credit card required.

Try the API

👋 Kindness is contagious

Explore a sea of insights with this enlightening post, highly esteemed within the nurturing DEV Community. Coders of all stripes are invited to participate and contribute to our shared knowledge.

Expressing gratitude with a simple "thank you" can make a big impact. Leave your thanks in the comments!

On DEV, exchanging ideas smooths our way and strengthens our community bonds. Found this useful? A quick note of thanks to the author can mean a lot.

Okay