Search by 
philiprehberger / php-password-strength
Password strength validation with entropy calculation and common password detection
Maintainers
Package info
github.com/philiprehberger/php-password-strength
pkg:composer/philiprehberger/php-password-strength
Fund package maintenance!
v1.2.0
2026-03-28 01:58 UTC
Requires
- php: ^8.2
Requires (Dev)
- laravel/pint: ^1.0
- phpstan/phpstan: ^1.12|^2.0
- phpunit/phpunit: ^11.0
README
Password strength validation with entropy calculation and common password detection.
Requirements
- PHP 8.2+
Installation
composer require philiprehberger/php-password-strength
Usage
Checking password strength
use PhilipRehberger\PasswordStrength\PasswordStrength; $result = PasswordStrength::check('MyP@ssw0rd!2026'); echo $result->score; // 0-4 echo $result->label(); // "very weak", "weak", "fair", "strong", or "very strong" echo $result->entropy; // Shannon entropy in bits echo $result->isCommon; // true if found in common passwords list echo $result->length; // Password length // Improvement suggestions foreach ($result->suggestions as $suggestion) { echo $suggestion; } // Array representation $array = $result->toArray();
Quick validation
use PhilipRehberger\PasswordStrength\PasswordStrength; // Returns true if score >= 3 (strong) if (PasswordStrength::isStrong('MyP@ssw0rd!2026')) { echo 'Password is strong enough.'; } // Custom minimum score if (PasswordStrength::isStrong('MyP@ssw0rd!2026', minScore: 4)) { echo 'Password is very strong.'; }
Detailed analysis
use PhilipRehberger\PasswordStrength\PasswordStrength; $report = PasswordStrength::analyze('MyP@ssw0rd!2026'); echo $report->score; // 0-4 echo $report->level; // "very weak", "weak", "fair", "strong", or "very strong" echo $report->length; // Password length echo $report->hasLowercase; // true echo $report->hasUppercase; // true echo $report->hasDigits; // true echo $report->hasSymbols; // true echo $report->hasRepeatedChars; // false echo $report->hasSequentialChars; // false echo $report->hasKeyboardPattern; // false
Custom dictionary
use PhilipRehberger\PasswordStrength\PasswordStrength; PasswordStrength::addDictionary(['company', 'acme', 'internal']); $result = PasswordStrength::check('acmepassword'); // Score reduced, suggestion: "Avoid dictionary words." PasswordStrength::clearDictionaries();
Personal context checking
use PhilipRehberger\PasswordStrength\PasswordStrength; $report = PasswordStrength::withContext(['john', 'john@example.com']) ->analyze('john2024!'); echo $report->hasPersonalContext; // true // Suggestion: "Avoid using personal information in your password"
Policy-based validation
use PhilipRehberger\PasswordStrength\PasswordPolicy; use PhilipRehberger\PasswordStrength\PasswordStrength; $policy = (new PasswordPolicy) ->minLength(10) ->requireUppercase() ->requireDigits() ->requireSymbols() ->minScore(3); // Using the policy directly $policy->check('MyP@ssw0rd!2026'); // true // Using the main class PasswordStrength::meetsPolicy('MyP@ssw0rd!2026', $policy); // true PasswordStrength::meetsPolicy('weak', $policy); // false
API
PasswordStrength
| Method | Description |
|---|---|
PasswordStrength::check(string $password): StrengthResult |
Analyse a password and return a result |
PasswordStrength::isStrong(string $password, int $minScore = 3): bool |
Returns true if the score meets the minimum |
PasswordStrength::analyze(string $password): StrengthReport |
Return a detailed strength report with analysis flags |
PasswordStrength::meetsPolicy(string $password, PasswordPolicy $policy): bool |
Check if a password satisfies a policy |
PasswordStrength::addDictionary(array $words): void |
Add custom dictionary words to check against |
PasswordStrength::clearDictionaries(): void |
Clear all custom dictionaries |
PasswordStrength::withContext(array $context): PendingAnalysis |
Create a pending analysis with personal context |
StrengthResult
| Property / Method | Type | Description |
|---|---|---|
score |
int |
Strength score from 0 to 4 |
entropy |
float |
Shannon entropy in bits |
isCommon |
bool |
Whether the password is in the common list |
length |
int |
Password length in characters |
suggestions |
array |
List of improvement suggestions |
label(): string |
— | Human label: very weak, weak, fair, strong, very strong |
toArray(): array |
— | Serialize to array |
StrengthReport
| Property | Type | Description |
|---|---|---|
score |
int |
Strength score from 0 to 4 |
level |
string |
Human-readable strength level |
hasLowercase |
bool |
Whether the password contains lowercase letters |
hasUppercase |
bool |
Whether the password contains uppercase letters |
hasDigits |
bool |
Whether the password contains digits |
hasSymbols |
bool |
Whether the password contains special characters |
hasRepeatedChars |
bool |
Whether the password has 3+ repeated characters in a row |
hasSequentialChars |
bool |
Whether the password has 3+ sequential characters |
hasKeyboardPattern |
bool |
Whether the password contains keyboard patterns |
length |
int |
Password length in characters |
hasPersonalContext |
bool |
Whether the password contains personal context information |
suggestions |
array |
List of improvement suggestions |
PendingAnalysis
| Method | Description |
|---|---|
analyze(string $password): StrengthReport |
Analyze a password with personal context applied |
PasswordPolicy
| Method | Description |
|---|---|
minLength(int $length): self |
Set minimum password length |
requireUppercase(): self |
Require at least one uppercase letter |
requireDigits(): self |
Require at least one digit |
requireSymbols(): self |
Require at least one special character |
minScore(int $score): self |
Set minimum strength score (0-4) |
check(string $password): bool |
Check if a password meets the policy |
Score Meanings
| Score | Label | Description |
|---|---|---|
| 0 | Very Weak | Trivial or common password |
| 1 | Weak | Low entropy or very short |
| 2 | Fair | Moderate entropy, room to improve |
| 3 | Strong | Good entropy and character variety |
| 4 | Very Strong | Excellent entropy and length |
Development
composer install vendor/bin/phpunit vendor/bin/pint --test
Support
If you find this project useful: