Description
Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the JavaScript zxcvbn project from Dropbox and @lowe. "zxcvbn" is a bad password, just like "qwerty" and "123456".
Zxcvbn PHP alternatives and similar libraries
Based on the "Passwords" category.
- Password Compat: Compatibility with the password_* functions that ship with PHP 5.5
- PHP Password Lib: A library for generating and validating passwords
- Password-Generator: PHP Library to generate random passwords
- Password Validator: Validates passwords against PHP's password_hash function using PASSWORD_DEFAULT. Will rehash when needed, and will upgrade legacy passwords with the Upgrade decorator.
- Password Policy: A password policy enforcer for PHP and JavaScript
- GenPhrase: GenPhrase is a secure passphrase generator for PHP applications.
- phpass: Python implementation of the portable PHP password hashing framework
README
Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the JavaScript zxcvbn project from Dropbox and @lowe. "zxcvbn" is a bad password, just like "qwerty" and "123456".
zxcvbn attempts to give sound password advice through pattern matching and conservative entropy calculations. It finds 10k common passwords, common American names and surnames, common English words, and common patterns like dates, repeats (aaa), sequences (abcd), and QWERTY patterns.
Installation
The library can be installed with Composer by adding it as a dependency to your composer.json file.
Via the command line run:
    composer require bjeavons/zxcvbn-php
Or in your composer.json add:
    {
        "require": {
            "bjeavons/zxcvbn-php": "^1.0"
        }
    }
Then run composer update on the command line and include the autoloader in your PHP scripts so that the ZxcvbnPhp\Zxcvbn class is available.
    require_once 'vendor/autoload.php';
Usage
    require_once 'vendor/autoload.php';

    use ZxcvbnPhp\Zxcvbn;

    // Strings tied to this user (name, email) that should count as guessable.
    $userData = [
        'Marco',
        '[email protected]'
    ];

    $zxcvbn = new Zxcvbn();

    // A dictionary word, scored with the user data taken into account.
    $weak = $zxcvbn->passwordStrength('password', $userData);
    echo $weak['score']; // will print 0

    // The user data argument is optional.
    $strong = $zxcvbn->passwordStrength('correct horse battery staple');
    echo $strong['score']; // will print 4

    echo $weak['feedback']['warning']; // will print user-facing feedback on the password, set only when score <= 2
    // $weak['feedback']['suggestions'] may contain user-facing suggestions to improve the score
Scores are integers from 0 to 4:
- 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses < 10^6), an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses < 10^8), provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses < 10^10), offers moderate protection from offline slow-hash scenario
- 4 is very unguessable (guesses >= 10^10) and provides strong protection from offline slow-hash scenario
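The score scale above can be turned into a server-side acceptance check at registration or password change. The following is an added example, not code from the Zxcvbn-PHP project: the helper name checkPassword, the MIN_SCORE and MAX_ESTIMATE_CHARS values, and the sample profile are assumptions chosen for illustration.

```php
<?php
require_once 'vendor/autoload.php';

use ZxcvbnPhp\Zxcvbn;

const MIN_SCORE = 3;            // assumed policy: require at least "safely unguessable"
const MAX_ESTIMATE_CHARS = 100; // assumed cap so very long input cannot stall the estimator

// Hypothetical helper: scores a candidate password against the user's own
// profile strings and returns a decision plus the library's feedback.
function checkPassword(string $password, array $profile): array
{
    $userData = [];
    foreach ($profile as $value) {
        $value = trim((string) $value);
        if ($value === '') {
            continue; // skip empty profile fields
        }
        $userData[] = $value;
        // Also treat the local part of an email address as guessable.
        $local = strstr($value, '@', true);
        if ($local !== false && $local !== '') {
            $userData[] = $local;
        }
    }

    // Only the estimate sees the truncated value; the full password is what
    // the application goes on to hash and store.
    $estimate = (new Zxcvbn())->passwordStrength(
        mb_substr($password, 0, MAX_ESTIMATE_CHARS, 'UTF-8'),
        array_values(array_unique($userData))
    );

    return [
        'accepted'    => $estimate['score'] >= MIN_SCORE,
        'score'       => $estimate['score'],
        'warning'     => $estimate['feedback']['warning'] ?? '',
        'suggestions' => $estimate['feedback']['suggestions'] ?? [],
    ];
}

// Constructed sample input: a profile and two candidate passwords.
$profile = ['Marco', 'marco@example.test'];
foreach (['Marco2024', 'correct horse battery staple'] as $candidate) {
    $result = checkPassword($candidate, $profile);
    printf("%s: score %d, %s\n", $candidate, $result['score'],
        $result['accepted'] ? 'accepted' : 'rejected');
}
```

Run the check on the server even when a client-side meter is shown, and return the warning and suggestions to the user instead of a bare rejection.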
Acknowledgements
Thanks to:
- @lowe for the original Javascript Zxcvbn
- @Dreyer's port for reference for initial implementation
- @mkopinsky for major updates to keep in sync with upstream scoring