PHPackages philiprehberger/php-password-strength - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. philiprehberger/php-password-strength ActiveLibrary[Validation & Sanitization](/categories/validation) philiprehberger/php-password-strength ===================================== Password strength validation with entropy calculation and common password detection v1.2.0(3mo ago)138MITPHPPHP ^8.2CI passing Since Mar 13Pushed 1mo agoCompare [ Source](https://github.com/philiprehberger/php-password-strength)[ Packagist](https://packagist.org/packages/philiprehberger/php-password-strength)[ Docs](https://github.com/philiprehberger/php-password-strength)[ GitHub Sponsors](https://github.com/philiprehberger)[ RSS](/packages/philiprehberger-php-password-strength/feed)WikiDiscussions main Synced 3w ago READMEChangelogDependencies (6)Versions (5)Used By (0) PHP Password Strength ===================== [](#php-password-strength) [![Tests](https://github.com/philiprehberger/php-password-strength/actions/workflows/tests.yml/badge.svg)](https://github.com/philiprehberger/php-password-strength/actions/workflows/tests.yml)[![Latest Version on Packagist](https://camo.githubusercontent.com/dc3eb96a407be57bd68ab0c457281cf82fa578ed7947fc0bb108a6adbcb7626e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7068696c69707265686265726765722f7068702d70617373776f72642d737472656e6774682e737667)](https://packagist.org/packages/philiprehberger/php-password-strength)[![Last updated](https://camo.githubusercontent.com/2593d4a7c47832ded80ce1c719bb25988c27135f16e524f31f53711f6b05b8c8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6173742d636f6d6d69742f7068696c69707265686265726765722f7068702d70617373776f72642d737472656e677468)](https://github.com/philiprehberger/php-password-strength/commits/main) Password strength validation with entropy calculation and common password detection. Requirements ------------ [](#requirements) - PHP 8.2+ Installation ------------ [](#installation) ``` composer require philiprehberger/php-password-strength ``` Usage ----- [](#usage) ### Checking password strength [](#checking-password-strength) ``` use PhilipRehberger\PasswordStrength\PasswordStrength; $result = PasswordStrength::check('MyP@ssw0rd!2026'); echo $result->score; // 0-4 echo $result->label(); // "very weak", "weak", "fair", "strong", or "very strong" echo $result->entropy; // Shannon entropy in bits echo $result->isCommon; // true if found in common passwords list echo $result->length; // Password length // Improvement suggestions foreach ($result->suggestions as $suggestion) { echo $suggestion; } // Array representation $array = $result->toArray(); ``` ### Quick validation [](#quick-validation) ``` use PhilipRehberger\PasswordStrength\PasswordStrength; // Returns true if score >= 3 (strong) if (PasswordStrength::isStrong('MyP@ssw0rd!2026')) { echo 'Password is strong enough.'; } // Custom minimum score if (PasswordStrength::isStrong('MyP@ssw0rd!2026', minScore: 4)) { echo 'Password is very strong.'; } ``` ### Detailed analysis [](#detailed-analysis) ``` use PhilipRehberger\PasswordStrength\PasswordStrength; $report = PasswordStrength::analyze('MyP@ssw0rd!2026'); echo $report->score; // 0-4 echo $report->level; // "very weak", "weak", "fair", "strong", or "very strong" echo $report->length; // Password length echo $report->hasLowercase; // true echo $report->hasUppercase; // true echo $report->hasDigits; // true echo $report->hasSymbols; // true echo $report->hasRepeatedChars; // false echo $report->hasSequentialChars; // false echo $report->hasKeyboardPattern; // false ``` ### Custom dictionary [](#custom-dictionary) ``` use PhilipRehberger\PasswordStrength\PasswordStrength; PasswordStrength::addDictionary(['company', 'acme', 'internal']); $result = PasswordStrength::check('acmepassword'); // Score reduced, suggestion: "Avoid dictionary words." PasswordStrength::clearDictionaries(); ``` ### Personal context checking [](#personal-context-checking) ``` use PhilipRehberger\PasswordStrength\PasswordStrength; $report = PasswordStrength::withContext(['john', 'john@example.com']) ->analyze('john2024!'); echo $report->hasPersonalContext; // true // Suggestion: "Avoid using personal information in your password" ``` ### Policy-based validation [](#policy-based-validation) ``` use PhilipRehberger\PasswordStrength\PasswordPolicy; use PhilipRehberger\PasswordStrength\PasswordStrength; $policy = (new PasswordPolicy) ->minLength(10) ->requireUppercase() ->requireDigits() ->requireSymbols() ->minScore(3); // Using the policy directly $policy->check('MyP@ssw0rd!2026'); // true // Using the main class PasswordStrength::meetsPolicy('MyP@ssw0rd!2026', $policy); // true PasswordStrength::meetsPolicy('weak', $policy); // false ``` API --- [](#api) ### `PasswordStrength` [](#passwordstrength) MethodDescription`PasswordStrength::check(string $password): StrengthResult`Analyse a password and return a result`PasswordStrength::isStrong(string $password, int $minScore = 3): bool`Returns `true` if the score meets the minimum`PasswordStrength::analyze(string $password): StrengthReport`Return a detailed strength report with analysis flags`PasswordStrength::meetsPolicy(string $password, PasswordPolicy $policy): bool`Check if a password satisfies a policy`PasswordStrength::addDictionary(array $words): void`Add custom dictionary words to check against`PasswordStrength::clearDictionaries(): void`Clear all custom dictionaries`PasswordStrength::withContext(array $context): PendingAnalysis`Create a pending analysis with personal context### `StrengthResult` [](#strengthresult) Property / MethodTypeDescription`score``int`Strength score from 0 to 4`entropy``float`Shannon entropy in bits`isCommon``bool`Whether the password is in the common list`length``int`Password length in characters`suggestions``array`List of improvement suggestions`label(): string`—Human label: `very weak`, `weak`, `fair`, `strong`, `very strong``toArray(): array`—Serialize to array### `StrengthReport` [](#strengthreport) PropertyTypeDescription`score``int`Strength score from 0 to 4`level``string`Human-readable strength level`hasLowercase``bool`Whether the password contains lowercase letters`hasUppercase``bool`Whether the password contains uppercase letters`hasDigits``bool`Whether the password contains digits`hasSymbols``bool`Whether the password contains special characters`hasRepeatedChars``bool`Whether the password has 3+ repeated characters in a row`hasSequentialChars``bool`Whether the password has 3+ sequential characters`hasKeyboardPattern``bool`Whether the password contains keyboard patterns`length``int`Password length in characters`hasPersonalContext``bool`Whether the password contains personal context information`suggestions``array`List of improvement suggestions### `PendingAnalysis` [](#pendinganalysis) MethodDescription`analyze(string $password): StrengthReport`Analyze a password with personal context applied### `PasswordPolicy` [](#passwordpolicy) MethodDescription`minLength(int $length): self`Set minimum password length`requireUppercase(): self`Require at least one uppercase letter`requireDigits(): self`Require at least one digit`requireSymbols(): self`Require at least one special character`minScore(int $score): self`Set minimum strength score (0-4)`check(string $password): bool`Check if a password meets the policy### Score Meanings [](#score-meanings) ScoreLabelDescription0Very WeakTrivial or common password1WeakLow entropy or very short2FairModerate entropy, room to improve3StrongGood entropy and character variety4Very StrongExcellent entropy and lengthDevelopment ----------- [](#development) ``` composer install vendor/bin/phpunit vendor/bin/pint --test ``` Support ------- [](#support) If you find this project useful: ⭐ [Star the repo](https://github.com/philiprehberger/php-password-strength) 🐛 [Report issues](https://github.com/philiprehberger/php-password-strength/issues?q=is%3Aissue+is%3Aopen+label%3Abug) 💡 [Suggest features](https://github.com/philiprehberger/php-password-strength/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) ❤️ [Sponsor development](https://github.com/sponsors/philiprehberger) 🌐 [All Open Source Projects](https://philiprehberger.com/open-source-packages) 💻 [GitHub Profile](https://github.com/philiprehberger) 🔗 [LinkedIn Profile](https://www.linkedin.com/in/philiprehberger) License ------- [](#license) [MIT](LICENSE) ### Health Score 41 — FairBetter than 87% of packages Maintenance87 Actively maintained with recent releases Popularity9 Limited adoption so far Community8 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 94.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~5 days Total 4 Last Release 91d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/cfd7d24cbbf32400fa13ce0bbe7a31edd2d66a6d4488eafdb3d64c5337bf0435?d=identicon)[philiprehberger](/maintainers/philiprehberger) --- Top Contributors [![philiprehberger](https://avatars.githubusercontent.com/u/8218077?v=4)](https://github.com/philiprehberger "philiprehberger (17 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") --- Tags validationsecuritypasswordentropystrength ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/philiprehberger-php-password-strength/health.svg) ``` [![Health](https://phpackages.com/badges/philiprehberger-php-password-strength/health.svg)](https://phpackages.com/packages/philiprehberger-php-password-strength) ``` ### Alternatives [karser/karser-recaptcha3-bundle Google ReCAPTCHA v3 for Symfony 1862.5M9](/packages/karser-karser-recaptcha3-bundle)[schuppo/password-strength This package provides a validator for ensuring strong passwords in Laravel 4 applications. 1432.7M1](/packages/schuppo-password-strength)[siriusphp/validation Data validation library. Validate arrays, array objects, domain models etc using a simple API. Easily add your own validators on top of the already dozens built-in validation rules 159763.3k13](/packages/siriusphp-validation)[kartik-v/strength-meter A dynamic strength meter for password input validation with various configurable options. 871.3M6](/packages/kartik-v-strength-meter)[jbafford/password-strength-bundle Provides a password strength validator 28495.5k](/packages/jbafford-password-strength-bundle)[olssonm/l5-zxcvbn Implementation of the zxcvbn project by @dropbox for Laravel. Uses zxcvbn-php by @bjeavons. 29325.4k1](/packages/olssonm-l5-zxcvbn) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)