How to Stop Users from Using Weak Passwords in Laravel 12

Passwords like 123456, 123123, password, and qwerty are very weak and easy to guess. If someone uses one of these passwords, their account can be compromised very easily. In this tutorial, I will show how to stop users from registering with weak passwords in a Laravel 12 application.

We will create a custom validation rule that checks whether the password is on a list of common passwords and, if it is, shows an error message.

Steps to Prevent Weak Passwords in Laravel 12

Step 1: Install Laravel 12

If you don’t already have a Laravel project, create one with this command:

composer create-project laravel/laravel prevent-weak-password

Step 2: Create Custom Validation Rule

In this step, we need a custom rule that will check the entered password.

To create a custom rule, run this command:

php artisan make:rule PreventCommonPassword

Now, open the file and update it with this code:
app/Rules/PreventCommonPassword.php

<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;

class PreventCommonPassword implements ValidationRule
{
    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        $commonPasswords = [
            '123456',
            '123456789',
            '12345678',
            'password',
            'qwerty',
            'abc123',
            '111111',
            '123123',
            '12345',
            '1234',
            'iloveyou',
            'dragon',
            'sunshine',
            'football',
            'monkey',
            'welcome',
            'admin',
            'test',
            'demo',
        ];

        // Strict comparison: match the submitted string exactly, with no type juggling.
        if (in_array($value, $commonPasswords, true)) {
            $fail('This password is too weak. Please choose a stronger one.');
        }
    }
}

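This list contains common weak passwords. You can add any weak password to this list. If a user tries to use one of them, they will get an error. The comparison is a case-sensitive match against the listed strings, so only the exact spellings in the list are blocked.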

Step 3: Add Authentication Scaffold

Now, we need login and register pages. Install Laravel UI and generate auth:

composer require laravel/ui
php artisan ui bootstrap --auth
npm install
npm run build

This will create the register, login, and home pages.

Step 4: Use Validation Rule in Registration

Open the file:
app/Http/Controllers/Auth/RegisterController.php

Find the validator() method and update it like this:

protected function validator(array $data)
{
    return Validator::make($data, [
        'name' => ['required', 'string', 'max:255'],
        'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
        'password' => [
            'required',
            'string',
            'min:8',
            'confirmed',
            new \App\Rules\PreventCommonPassword
        ],
    ]);
}

Now, when a user tries to register, Laravel will check if the password is weak. If it is, registration is rejected and the error message is shown.

Step 5: Run Laravel App

Start your Laravel project:

php artisan serve

Now, open this link in your browser:

http://localhost:8000/register

Try to register with a password like 123456 or password. You will see an error saying:
“This password is too weak. Please choose a stronger one.”

That’s it! You have successfully prevented users from using weak passwords in Laravel 12.
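
The Step 2 rule compares against a short inline array with exact case, so `Password` passes it. The following variant is an added example, not code from the original tutorial: it lower-cases the input and looks it up in a word list loaded from a file. The class name `PreventListedPassword` and the path `storage/app/common-passwords.txt` are assumptions.

```php
<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use RuntimeException;

// Added example. Class name and list location are assumptions, not from the tutorial.
class PreventListedPassword implements ValidationRule
{
    /** @var array<int|string, true>|null Lookup set, loaded once per PHP process. */
    private static ?array $blocked = null;

    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        if (! is_string($value)) {
            return; // non-string input is reported by the 'string' rule
        }

        // Normalise so "Password" and "QWERTY" match the listed lower-case entries.
        $candidate = mb_strtolower($value);

        // Array keys are hashed, so the lookup stays cheap for a list of 100k entries.
        if (array_key_exists($candidate, self::blocklist())) {
            $fail('This password is too weak. Please choose a stronger one.');
        }
    }

    private static function blocklist(): array
    {
        if (self::$blocked === null) {
            // Assumed file: one password per line, kept outside the web root.
            $path = storage_path('app/common-passwords.txt');
            $lines = is_readable($path)
                ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
                : false;

            // Fail closed: a missing list must not silently accept every password.
            if ($lines === false) {
                throw new RuntimeException("Password blocklist not readable: {$path}");
            }
            $lines = array_map(fn (string $l) => mb_strtolower(rtrim($l, "\r")), $lines);
            self::$blocked = array_fill_keys($lines, true);
        }

        return self::$blocked;
    }
}
```

To use it, replace `new \App\Rules\PreventCommonPassword` in the Step 4 validator with `new \App\Rules\PreventListedPassword`. Laravel's built-in `Illuminate\Validation\Rules\Password` rule can be listed next to it, for example `Password::min(8)->uncompromised()`, which checks the password against known breach data.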