PHPackages mikehall314/stupid-password - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mikehall314/stupid-password ActiveLibrary[Security](/categories/security) mikehall314/stupid-password =========================== A library to check if your password appears in the top 10,000 most used passwords v1.2.0(1y ago)0270MITPHPPHP >=7.3 Since May 15Pushed 1y ago1 watchersCompare [ Source](https://github.com/mikehall314/stupid-passwords)[ Packagist](https://packagist.org/packages/mikehall314/stupid-password)[ RSS](/packages/mikehall314-stupid-password/feed)WikiDiscussions main Synced 3d ago READMEChangelogDependencies (2)Versions (6)Used By (0) Is that password stupid? ======================== [](#is-that-password-stupid) This is a very simple library which lets you know if a password a user has chosen is stupid. The definition of "stupid" in this case, is that it appears as one of the top 10,000 most common passwords in the world. The passwords were compiled from various data breaches. How to use it ============= [](#how-to-use-it) ``` use Stupid\Password; // Returns a boolean $passwordIsStupid = Password::isStupid($password); ``` How it works ============ [](#how-it-works) The library maintains an internal list of SHA1 hashes of the top 10,000 passwords. When a password is tested, it is SHA'd and then checked against the password list. SHA1? Isn't that like, hella broken? ------------------------------------ [](#sha1-isnt-that-like-hella-broken) For cryptographic purposes, yes, but this isn't about cryptography. SHA1 is nice and fast, and means we can quickly check if the password is on the list without having to actually include a load of passwords in this lib. I can just reverse the passwords from the SHAs though ----------------------------------------------------- [](#i-can-just-reverse-the-passwords-from-the-shas-though) Go crazy. The list is on GitHub anyway. Doesn't it go out of date ------------------------- [](#doesnt-it-go-out-of-date) Sure. I'll update it from time-to-time. The last update was 7 November 2024. License ======= [](#license) MIT. Author ====== [](#author) Mike Hall (@mikehall314.bsky.social) ### Health Score 30 — LowBetter than 64% of packages Maintenance38 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community7 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~424 days Total 4 Last Release 552d ago PHP version history (3 changes)v1.0.0PHP ^7.0 v1.1.0PHP ^7.3|^8.0 v1.2.0PHP >=7.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/560e5cbc38aad43c73c99e705ec16399fa1694c0252f91ea449d6791522b8580?d=identicon)[mikehall314](/maintainers/mikehall314) --- Top Contributors [![mikehall314](https://avatars.githubusercontent.com/u/1872237?v=4)](https://github.com/mikehall314 "mikehall314 (15 commits)") --- Tags securitypassword ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/mikehall314-stupid-password/health.svg) ``` [![Health](https://phpackages.com/badges/mikehall314-stupid-password/health.svg)](https://phpackages.com/packages/mikehall314-stupid-password) ``` ### Alternatives [rych/phpass PHP Password Library: Easy, secure password management for PHP 248801.7k4](/packages/rych-phpass)[bordoni/phpass Portable PHP password hashing framework 244.4M26](/packages/bordoni-phpass)[jeremykendall/password-validator Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords. 14469.9k3](/packages/jeremykendall-password-validator)[mxrxdxn/pwned-passwords A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach. 3270.9k2](/packages/mxrxdxn-pwned-passwords)[spooner-web/be_secure_pw You can set password conventions to force secure passwords for BE users. 10461.3k](/packages/spooner-web-be-secure-pw)[firehed/security Security tools for PHP 2374.9k2](/packages/firehed-security) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)