The new helper to generate secure passwords in Laravel 10.x
Oftentimes, you may need to generate a secure password for your users. And in such cases, you may use the Str::random()
method to generate a random string. But, the problem with this method is that it generates a random string that may not be secure enough.
So, in Laravel 10.x, a new helper method called Str::password()
has been introduced to generate secure passwords.
The password() helper
The new password()
helper is a new helper method that has been introduced in Laravel 10.x to generate secure passwords. And it’s pretty simple to use.
use Illuminate\Support\Str;
$password = Str::password();
// 'EbJo2vE-AS:U,$%_gkrV4n,q~1xy/-_4'
As you can tell, the password()
helper generates a secure password that is 32 characters long by default. You can also pass the length of the password as the first argument to the password()
helper.
$password = Str::password(10);
// 'EbJo2vE-AS'
Customizing the password
If you see the implementation of the password()
helper, you’ll see there are a couple more that you can pass in to customize it apart from the length of the password.
/**
* Generate a random, secure password.
*
* @param int $length
* @param bool $letters
* @param bool $numbers
* @param bool $symbols
* @param bool $spaces
* @return string
*/
public static function password($length = 32, $letters = true, $numbers = true, $symbols = true, $spaces = false)
{
return (new Collection)
->when($letters, fn ($c) => $c->merge([
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G',
'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R',
'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
]))
->when($numbers, fn ($c) => $c->merge([
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
]))
->when($symbols, fn ($c) => $c->merge([
'~', '!', '#', '$', '%', '^', '&', '*', '(', ')', '-',
'_', '.', ',', '<', '>', '?', '/', '\\', '{', '}', '[',
']', '|', ':', ';',
]))
->when($spaces, fn ($c) => $c->merge([' ']))
->pipe(fn ($c) => Collection::times($length, fn () => $c[random_int(0, $c->count() - 1)]))
->implode('');
}
As you can see, the password()
helper generates a password that contains letters, numbers, symbols, and spaces by default. But, you can also customize this by passing the second to fifth arguments to the password()
helper.
For instance, if you want to generate a password that contains only numbers, you can do so by passing true
to the third and making the rest of the arguments false
like so.
$password = Str::password(10, false, true, false, false);
// '1234567890'
Like this article?
Buy me a coffee👋 Hi there! I'm Amit. I write articles about all things web development. You can become a sponsor on my blog to help me continue my writing journey and get your brand in front of thousands of eyes.