gabrielesbaiz / password-toolkit
A lightweight helper package to generate nice passwords.
Maintainers
Fund package maintenance!
Requires
- php: ^8.0
- illuminate/contracts: ^10.0||^11.0||^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^10.0.0||^9.0.0||^8.22.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-arch: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- pestphp/pest-plugin-watch: ^3.0
README
Generate memorable, human-friendly passwords with style β
Goldrake-Mitico-4271,Ferrari-Veloce-9912,Cannolo-Goloso-3301. No morexK#9$!qZ.
PasswordToolkit is a tiny, zero-dependency-friendly Laravel package that crafts passwords by mashing up curated names (Disney, Star Wars, Harry Potter, Studio Ghibli, Italian chefs, philosophers, Formula 1 drivers, Pixar, Game of Thrones, gelato flavors, pasta shapesβ¦) with gender-aware Italian adjectives, optional digits, and even leetspeak. Easy to remember. Fun to use. Battle-tested in real apps.
β¨ Features
- π 91 curated dictionaries (49 People + 42 Things) β pop-culture icons, Italian legends, foods, wines, cars and more
- π§ Gender-aware adjectives β agreement is correct (Italian/multilingual safe)
- π’ Optional digits at start, middle or end with configurable length
- π€ Leetspeak modes β
none,basic,advanced(901d24k3-M171c0-4271) - ποΈ Pick & mix categories β toggle each dictionary on/off via config
- πͺ Laravel-native β facade, service provider, auto-discovery
- πͺΆ Lightweight β pure PHP, only Spatie package-tools as runtime dep
- β Pest 3 test suite, Laravel 10/11/12 compatible
π¦ Installation
composer require gabrielesbaiz/password-toolkit
Publish the config:
php artisan vendor:publish --tag="password-toolkit-config"
π Quick start
use Gabrielesbaiz\PasswordToolkit\Facades\PasswordToolkit; PasswordToolkit::generate(); // => "Goldrake-Mitico-4271"
Or instantiate directly:
use Gabrielesbaiz\PasswordToolkit\PasswordToolkit; echo PasswordToolkit::generate();
Batch generation
PasswordToolkit::generate(10); // => ["Goldrake-Mitico-4271", "Vespa-Veloce-9921", ...] (array of 10) PasswordToolkit::generateManyWithReport(5); // => [['password' => '...', 'report' => StrengthReport], ...]
generate(1) (default) returns a string. generate(N) with N > 1 returns an array.
Sample output
All rows below show the same picked name (Goldrake) + adjective (Mitico) + number (4271), so you can compare exactly what each option changes.
| Config | Example |
|---|---|
| defaults | Goldrake-Mitico-4271 |
separator_symbol => '_' |
Goldrake_Mitico_4271 |
numbers_position => 'start' |
4271-Goldrake-Mitico |
numbers_position => 'middle' |
Goldrake-4271-Mitico |
leetspeak_conversion => 'basic' |
901d24k3-M171c0-4271 |
leetspeak_conversion => 'advanced' |
901d24|<3-|V|171<0-4271 |
add_numbers => false |
Goldrake-Mitico |
π Built-in dictionaries
π€ People (49)
| Dictionary | Example |
|---|---|
back_to_the_future |
Marty McFly |
cartoons |
Topolino |
disney_characters |
Cenerentola |
disney_villains |
Malefica |
game_of_thrones |
Jon Snow |
greek_mythology |
Zeus |
harry_potter |
Albus Silente |
hayao_miyazaki |
Totoro |
italian_actors |
Roberto Benigni |
italian_architects |
Renzo Piano |
italian_basketball_legends |
Dino Meneghin |
italian_chefs |
Gualtiero Marchesi |
italian_comedians |
Maccio Capatonda |
italian_cyclists |
Fausto Coppi |
italian_dj_producers |
Benny Benassi |
italian_explorers |
Cristoforo Colombo |
italian_fashion_designers |
Giorgio Armani |
italian_film_directors |
Federico Fellini |
italian_football_legends |
Roberto Baggio |
italian_inventors |
Guglielmo Marconi |
italian_journalists |
Indro Montanelli |
italian_mathematicians |
Leonardo Fibonacci |
italian_motogp_legends |
Valentino Rossi |
italian_musicians |
Lucio Battisti |
italian_nobel_prize_winners |
Grazia Deledda |
italian_olympic_legends |
Alberto Tomba |
italian_opera_composers |
Giuseppe Verdi |
italian_painters |
Amedeo Modigliani |
italian_poets |
Dante Alighieri |
italian_presidents_of_the_republic |
Sandro Pertini |
italian_racing_drivers |
Alberto Ascari |
italian_rappers |
Marracash |
italian_renaissance_artists |
Leonardo da Vinci |
italian_scientists |
Galileo Galilei |
italian_singers_classic |
Lucio Dalla |
italian_singers_modern |
Marco Mengoni |
italian_superheroes |
Diabolik |
italian_television_personalities |
Maria De Filippi |
italian_tennis_players |
Jannik Sinner |
italian_voice_actors |
Ferruccio Amendola |
italian_volleyball_legends |
Paola Egonu |
italian_writers |
Italo Calvino |
italian_youtubers |
Favij |
lupin_iii_characters |
Fujiko |
philosophers |
Cartesio |
pixar_characters |
Saetta McQueen |
roman_emperors |
Marco Aurelio |
roman_mythology |
Giove |
star_wars |
Luke Skywalker |
π Things (42)
| Dictionary | Example |
|---|---|
car_brands |
Ferrari |
coffee_brands |
Lavazza |
italian_aperitivi |
Negroni |
italian_breads |
Ciabatta |
italian_card_games |
Scopa |
italian_carnival_masks |
Arlecchino |
italian_cars |
Cinquecento |
italian_castles |
Castel del Monte |
italian_cheeses |
Parmigiano Reggiano |
italian_children_games_70s |
Subbuteo |
italian_children_games_80s |
Goldrake |
italian_children_games_90s |
Tamagotchi |
italian_children_games_2000s |
Winx Club |
italian_circus_terms |
Saltimbanco |
italian_cryptids_legends |
Befana |
italian_cured_meats |
Mortadella |
italian_dance_styles |
Tarantella |
italian_design_objects |
Arco |
italian_desserts |
Cannolo |
italian_dialect_words |
Guaglione |
italian_folk_instruments |
Mandolino |
italian_icecream_flavors |
Stracciatella |
italian_invented_words |
Petaloso |
italian_islands |
Pantelleria |
italian_lakes |
Garda |
italian_liqueurs |
Limoncello |
italian_monuments |
Colosseo |
italian_motorcycles |
Vespa |
italian_mountains |
Cervino |
italian_old_currencies |
Fiorino |
italian_old_jobs |
Arrotino |
italian_pasta_shapes |
Fusilli |
italian_pizza_types |
Margherita |
italian_progressive_rock_bands |
PFM |
italian_regional_foods |
Cacciucco |
italian_rivers |
Tevere |
italian_sea_creatures |
Polpo |
italian_street_foods |
Arancino |
italian_train_stations_classic |
Roma Termini |
italian_volcanoes |
Etna |
italian_wine_regions |
Chianti |
italian_wines |
Barolo |
Toggle each one in config/password-toolkit.php (true / false).
βοΈ Configuration
return [ 'name_types' => [ 'people' => [ /* 49 dictionaries β true/false */ ], 'things' => [ /* 42 dictionaries β true/false */ ], ], // Separator between segments. Any symbol, or null. 'separator_symbol' => '-', // Replace spaces in multi-word names with the separator (true) // or strip them entirely (false). 'name_separator' => true, // Append a random numeric segment. 'add_numbers' => true, 'numbers_digits' => 4, // length of the number 'numbers_position' => 'end', // start | middle | end // Leetspeak transform: 'no' | 'basic' | 'advanced'. 'leetspeak_conversion' => 'no', ];
Leetspeak cheat sheet
| char | basic | advanced |
|---|---|---|
| a | 4 |
4 |
| e | 3 |
3 |
| i / l | 1 |
1 |
| o | 0 |
0 |
| s | $ |
$ |
| m | β | |V| |
| w | β | \\/\\/ |
| n | β | |\\| |
advanced mode expands character count β useful for stricter length policies.
π‘οΈ Strength reporter
Two entry points:
use Gabrielesbaiz\PasswordToolkit\Facades\PasswordToolkit; // Score an arbitrary password (charset model) $report = PasswordToolkit::strength('Goldrake-Mitico-4271'); $report->score; // 0..4 $report->label; // very_weak | weak | fair | strong | very_strong $report->entropyBits; // float $report->charsetFlags; // ['lower'=>true,'upper'=>true,'digits'=>true,'symbols'=>true] $report->crackTimeHuman; // "12 years" // Generate + structural report (knowledge of dictionaries β more honest) ['password' => $pwd, 'report' => $report] = PasswordToolkit::generateWithReport(); $report->components; // ['name'=>x,'adjective'=>y,'number'=>z,'leetspeak_bonus'=>b,'total'=>t]
Score thresholds
| bits | score | label |
|---|---|---|
< 28 |
0 | very_weak |
28β35 |
1 | weak |
36β59 |
2 | fair |
60β127 |
3 | strong |
β₯ 128 |
4 | very_strong |
Crack time defaults to 1e10 guesses/sec (offline GPU vs fast hash). Override via config/password-toolkit.php:
'strength' => ['guesses_per_second' => 1e12],
The structural model accounts for the fact a dictionary-aware attacker only searches the package's pool space, not the full charset β usually a much lower (and more realistic) entropy figure.
π§ͺ Testing
composer test
π£οΈ Roadmap ideas
- Locale-aware adjective packs (EN / ES / FR)
- Custom user dictionaries via config
PRs welcome. π
π Changelog
See CHANGELOG.
π€ Contributing
See CONTRIBUTING.
π‘οΈ Security
β οΈ Memorable passwords trade entropy for usability. For high-security secrets (API keys, root creds) prefer Str::random() or random_bytes(). PasswordToolkit shines for user onboarding, default credentials, share links, demo accounts.
Report vulnerabilities via our security policy.
π Credits
π License
MIT.