0

I need to check every user on my Laravel project to see if their password is unsafe. For example, check if their password is simply "password"; if so, I would change it and send it to their email.

Is it possible?

Sonrimos
  • This should be done when the User is registering. If you didn't have a Password Complexity rule in place previously, you can simply bulk email everyone to let them know they should consider changing it now that you do. If you're properly `Hash`-ing Passwords in Laravel, then you would have to try a bunch of "weak" combinations against them using `Hash::check()`, which is insanity beyond a handful of Users. If you're not hashing passwords, then you have a much bigger issue. – Tim Lewis Oct 27 '22 at 17:39
  • You can also shim in a check during user log-in and either suggest that they change it, or force it. Also, do not email passwords as email is _wildly_ insecure. If anything, invalidate the password and send them instructions on the password reset workflow. – Sammitch Oct 27 '22 at 18:33
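
The two approaches from the comments above, as an added example that is not part of the original thread: an offline audit that tries a short weak-password list against every stored hash, and the login-time check that only needs a list lookup. It is plain PHP with constructed users; the assumption is that Laravel's default bcrypt driver is in use, so `password_hash()`/`password_verify()` stand in for `Hash::make()`/`Hash::check()`, and the function names and the weak list are hypothetical.

```php
<?php
// Added example with constructed data; not code from the original thread.
// Assumption: hashes are bcrypt, as produced by Laravel's default Hash driver.

const WEAK_PASSWORDS = ['password', '123456', 'qwerty', 'letmein']; // constructed list

/** Offline audit: return ids of users whose stored hash matches a weak candidate. */
function findWeakPasswordUsers(array $users, array $candidates): array
{
    $flagged = [];
    foreach ($users as $user) {
        foreach ($candidates as $candidate) {
            // One full bcrypt computation per (user, candidate) pair, so the
            // worst case is count($users) * count($candidates) hash operations.
            if (password_verify($candidate, $user['password'])) {
                $flagged[] = $user['id'];
                break; // one hit is enough; do not record which candidate matched
            }
        }
    }
    return $flagged;
}

/** Login-time check: the plaintext is available, so this is one verify plus a lookup. */
function needsResetAtLogin(string $submitted, string $storedHash, array $candidates): bool
{
    return password_verify($submitted, $storedHash)
        && in_array($submitted, $candidates, true);
}

// Constructed users table; cost 4 only keeps the demo fast, production cost is higher.
$opts = ['cost' => 4];
$users = [
    ['id' => 1, 'password' => password_hash('password', PASSWORD_BCRYPT, $opts)],
    ['id' => 2, 'password' => password_hash('c0rrect-Horse-battery', PASSWORD_BCRYPT, $opts)],
    ['id' => 3, 'password' => password_hash('qwerty', PASSWORD_BCRYPT, $opts)],
];

foreach (findWeakPasswordUsers($users, WEAK_PASSWORDS) as $id) {
    // Do not generate and email a new password: invalidate the old one
    // and send instructions for the password reset workflow instead.
    echo "user {$id}: invalidate password and send reset instructions\n";
}

// Login-time variant for a single user who just submitted "password".
var_dump(needsResetAtLogin('password', $users[0]['password'], WEAK_PASSWORDS));
```

At a production bcrypt cost each `password_verify()` call is deliberately slow, which is why the offline audit only scales to a short candidate list, while the login-time check adds almost nothing to a request that already verifies the password.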

1 Answer

-2

This post has a regex that checks for a safe password: Laravel password validation rule

Your regular expression would look like this:

```
^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\x])(?=.*[!$#%]).*$
```

Hope it helps you
