Abandoned · Archived · Yii2-extension · [Authentication & Authorization](/categories/authentication)

nordsoftware/yii2-password
==========================

Password strategies for the Yii framework.

1.0.3 (11y ago) · BSD-3-Clause · PHP

[Source](https://github.com/nordsoftware/yii2-password) · [Packagist](https://packagist.org/packages/nordsoftware/yii2-password)

Yii Password Strategies
=======================


Password strategies are specifications for how passwords should be encoded and verified, and for how complex user-supplied passwords should be. Out of the box, the extension contains strategies for bcrypt and for multiple rounds of hash functions such as sha1, as well as support for legacy password hashes like unsalted md5 and unsalted sha1. The aim is to allow multiple password strategies to co-exist and to upgrade users from legacy hashes to new hashes when they log in.

Why do I want this?
-------------------


Imagine that you have a legacy application that uses simple, unsalted md5-based password hashing, which in 2012 is considered completely insecure. You want to upgrade your password hashes, but you don't have access to the plain text passwords. In this scenario you can configure two password strategies: your old legacy one that uses md5, and your new shiny one that uses bcrypt. Then, when users log in to their accounts, their password is verified using the legacy strategy and, if it matches, they are seamlessly upgraded to the new bcrypt password strategy. For example:

```
class User extends \yii\db\ActiveRecord
{
    public function behaviors()
    {
        return [
            [
                // Attach the password behavior and make bcrypt the default strategy
                "class" => "YiiPassword\Behavior",
                "defaultStrategyName" => "bcrypt",
                "strategies" => [
                    "bcrypt" => [
                        "class" => "YiiPassword\Strategies\Bcrypt",
                        "workFactor" => 14,
                    ],
                    // Kept only so existing unsalted md5 hashes can still be verified
                    "legacy" => [
                        "class" => "YiiPassword\Strategies\LegacyMd5",
                    ],
                ],
            ],
        ];
    }

    // ...
}

$user = User::findOne(1); // a user using the legacy password strategy
echo $user->password; // unsalted md5, horrible
$user->verifyPassword("password"); // verifies the password using the legacy strategy, and rehashes based on bcrypt strategy
echo $user->password; // now hashed with bcrypt
```

This is also useful for modern applications. Let's say you have a new webapp and you're doing The Right Thing and using bcrypt for your password hashing. You start off with a work factor of 12, but after a few months you decide you'd like to increase it to 15. Normally this would be quite difficult to accomplish because of all the users who've already signed up using the less secure hashes, but with password strategies you can simply add another bcrypt strategy with the desired work factor, set it as the default, and your users will be upgraded to the new strategy the next time they log in.

By default, `YiiPassword\Behavior` assumes that your model contains the following fields:

* *salt* - holds the per user salt used for hashing passwords
* *username* - holds the username
* *password* - holds the hashed password
* *passwordStrategy* - holds the name of the current password strategy for this user
* *requiresNewPassword* - a boolean field that determines whether the user should change their password or not

You can configure the field names on the behavior.
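
The upgrade-on-login flow described above, as an added example that is not code from yii2-password or its authors: it uses PHP's built-in `password_*` functions in place of the extension's strategy classes, and the function names, constants and sample rows are assumptions made for illustration. It covers both cases from the text, a legacy unsalted md5 hash and a bcrypt hash stored at a lower work factor, with costs of 10 and 12 chosen only so the script runs quickly.

```php
<?php
// Added example: standalone sketch of upgrade-on-login, not yii2-password's own code.
// Array keys mirror the default field names listed above; function names are hypothetical.

const DEFAULT_STRATEGY = 'bcrypt';
const BCRYPT_COST = 12; // what the extension calls the work factor

/** Check a candidate password against the stored hash using the row's own strategy. */
function matchesStored(array $user, string $candidate): bool
{
    switch ($user['passwordStrategy']) {
        case 'legacy': // unsalted md5, kept only so old accounts can still log in
            return hash_equals($user['password'], md5($candidate));
        case 'bcrypt':
            return password_verify($candidate, $user['password']);
        default:
            return false; // unknown strategy name: fail closed
    }
}

/** Verify first, then rehash if the row uses a legacy strategy or a lower cost. */
function verifyAndUpgrade(array &$user, string $candidate): bool
{
    if (!matchesStored($user, $candidate)) {
        return false; // never touch the stored hash on a failed attempt
    }
    $options = ['cost' => BCRYPT_COST];
    $stale = $user['passwordStrategy'] !== DEFAULT_STRATEGY
        || password_needs_rehash($user['password'], PASSWORD_BCRYPT, $options);
    if ($stale) {
        // The plain text is only available at login, so this is the moment to upgrade.
        $user['password'] = password_hash($candidate, PASSWORD_BCRYPT, $options);
        $user['passwordStrategy'] = DEFAULT_STRATEGY;
        // A real application would persist the row here.
    }
    return true;
}

// Constructed sample rows: a legacy md5 account and a bcrypt account at a lower cost.
$legacy = ['username' => 'alice', 'password' => md5('password'), 'passwordStrategy' => 'legacy'];
$lowCost = ['username' => 'bob', 'passwordStrategy' => 'bcrypt',
            'password' => password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 10])];

var_dump(verifyAndUpgrade($legacy, 'wrong'), $legacy['passwordStrategy']);
var_dump(verifyAndUpgrade($legacy, 'password'), $legacy['passwordStrategy']);
var_dump(verifyAndUpgrade($lowCost, 'hunter2'));
var_dump(password_get_info($lowCost['password'])['options']['cost']);
```

Accounts that never log in again keep their legacy hash, so the stored strategy name is also the way to find rows that still need a forced reset.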

See also: Using Bcrypt Strategy For New Application? - [phpnode#10](https://github.com/phpnode/yiipassword/issues/10)

### Health Score

33 (Low). Better than 75% of packages.

- Maintenance: 20. Infrequent updates, may be unmaintained.
- Popularity: 19. Limited adoption so far.
- Community: 18. Small or concentrated contributor base.
- Maturity: 65. Established project with proven stability.
- Bus Factor: 1. Top contributor holds 53.6% of commits, a single point of failure.

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Every ~5 days
- Total: 2
- Last Release: 4360d ago

### Community

Maintainers: [crisu83](/maintainers/crisu83)

Top Contributors: [phpnode](https://github.com/phpnode) (15 commits), [cniska](https://github.com/cniska) (6 commits), [githubjeka](https://github.com/githubjeka) (5 commits), [mplescano](https://github.com/mplescano) (1 commit), [sitawit](https://github.com/sitawit) (1 commit)

Tags: password, bcrypt


### Alternatives

- [paragonie/halite](/packages/paragonie-halite): High-level cryptography interface powered by libsodium
- [phpnode/yiipassword](/packages/phpnode-yiipassword): Password strategies for the Yii PHP framework.
- [kartik-v/yii2-password](/packages/kartik-v-yii2-password): Useful password strength validation utilities for Yii Framework 2.0
- [ellaisys/aws-cognito](/packages/ellaisys-aws-cognito): AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP
- [yebor974/filament-renew-password](/packages/yebor974-filament-renew-password): Package for manage renew password according to the last renew or other criteria
- [martbock/laravel-diceware](/packages/martbock-laravel-diceware): Diceware Passphrase Generator for Laravel

