PHPackages                             cndrsdrmn/passwords - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. cndrsdrmn/passwords

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

cndrsdrmn/passwords
===================

Override and extend Laravel's password reset to support OTP-style 6-digit tokens with verification state.

v1.1.0(10mo ago)03MITPHPPHP ^8.3CI passing

Since Mar 18Pushed 10mo ago1 watchersCompare

[ Source](https://github.com/cndrsdrmn/passwords)[ Packagist](https://packagist.org/packages/cndrsdrmn/passwords)[ Docs](https://github.com/cndrsdrmn/passwords)[ RSS](/packages/cndrsdrmn-passwords/feed)WikiDiscussions 1.x Synced today

READMEChangelog (4)Dependencies (5)Versions (6)Used By (0)

Laravel Auth Passwords - OTP Password Reset
===========================================

[](#laravel-auth-passwords---otp-password-reset)

A streamlined OTP password reset for your Laravel application. This package seamlessly integrates with the Password facade, so you can add a 6-digit OTP and a crucial verification step, managed by a new markVerified method, without changing your existing code. It just works.

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require cndrsdrmn/passwords
```

The service provider is auto-discovered. If you have disabled auto-discovery, you'll need to manually register it in your `bootstrap/providers.php`:

```
return [
    // ...
    Cndrsdrmn\Passwords\PasswordsServiceProvider::class,
],
```

After installation, run the migrations to create the necessary table:

```
php artisan migrate
```

You can optionally publish the migrations and translations if you need to customize them:

```
php artisan vendor:publish --tag=passwords-migrations
php artisan vendor:publish --tag=passwords-lang
```

Configuration
-------------

[](#configuration)

This package uses the standard Laravel password configuration. You can find more details about configuring the password broker in the official [Laravel documentation](https://laravel.com/docs/12.x/passwords#configuration).

Quickstart
----------

[](#quickstart)

This package extends Laravel's default password broker by introducing a `markVerified` method. This adds an essential validation step before a password can be reset.

Before the user can reset their password, you must verify the OTP they provide. The package adds a new `markVerified` method to the broker, which you can call directly from the facade.

```
use Cndrsdrmn\Passwords\Contracts\OtpPasswordBroker as OtpBrokerContract;
use Illuminate\Support\Facades\Password;

$status = Password::markVerified([
    'email' => $request->email,
    'token' => $request->input('otp'),
]);

if ($status !== OtpBrokerContract::VERIFIED_TOKEN) {
    return back()->withErrors(['token' => __($status)]);
}
```

For the rest of the password reset flow, you can follow the instructions in the official [Laravel documentation](https://laravel.com/docs/12.x/passwords#routing).

License
-------

[](#license)

This package is open-sourced software licensed under The MIT License (MIT). See the [LICENSE](./LICENSE) file for more details.

Credits
-------

[](#credits)

- Built by: Candra Sudirman
- Inspired by: This package is inspired by the secure and flexible design of Laravel's core authentication and password reset systems.
- Package Template: [Skeleton PHP](https://github.com/nunomaduro/skeleton-php)

###  Health Score

33

—

LowBetter than 72% of packages

Maintenance55

Moderate activity, may be stable

Popularity3

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity57

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~43 days

Total

5

Last Release

303d ago

Major Versions

v0.2.0 → v1.0.02025-08-29

### Community

Maintainers

![](https://www.gravatar.com/avatar/e6241ea6ad620ee6d8fc3d3bac59afcad6c05ad00f4184da528eb44e69236789?d=identicon)[cndrsdrmn](/maintainers/cndrsdrmn)

---

Top Contributors

[![cndrsdrmn](https://avatars.githubusercontent.com/u/19147653?v=4)](https://github.com/cndrsdrmn "cndrsdrmn (10 commits)")

---

Tags

laravelotpauthpasswordspassword-reset

###  Code Quality

TestsPest

Static AnalysisPHPStan, Rector

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/cndrsdrmn-passwords/health.svg)

```
[![Health](https://phpackages.com/badges/cndrsdrmn-passwords/health.svg)](https://phpackages.com/packages/cndrsdrmn-passwords)
```

###  Alternatives

[lakm/nopass

Provides passwordless authentication for your laravel projects.

2215.9k3](/packages/lakm-nopass)[orchestra/auth

Auth Component for Orchestra Platform

23108.7k3](/packages/orchestra-auth)[codebot/entrust

This package provides a flexible way to add Role-based Permissions to Laravel

15102.0k](/packages/codebot-entrust)[ingria/laravel-x509-auth

Laravel 5 Client Certificate auth middleware

375.7k](/packages/ingria-laravel-x509-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
