Verify in Laravel Password is not Compromised in Data Leak

In this post, you will learn how to verify in Laravel Password validation if the password submitted is not in the data leak. Every day many websites have been hacked and passwords leaked publicly. So we need to learn if your password is still secured to use.

 

In the previous version of Laravel 8.x they released a feature that easy to validate if the password is compromised. You can visit my previous tutorial about Laravel strong password validation here.

 

 

Let's say you have a Request class already for your registration form. Inside of the rules() method let's add the password validation. See the following code below:

 

return [
    'password' => [
        'required',
        Password::min(8)
            ->uncompromised()
    ],
    'password_confirmation' => 'required|same:password'
];

 

As you can see using Password::min(8)->uncompromised() you will easily determine if your password has been leaked and if still secured to use.

 

Take note that calling this method will take a few seconds because behind the scene this method will call an API to validate it.

 

That's it I hope it helps. Thank you.