happyEngineer:

How to generate and validate a random (and temporary) password in Laravel?

I need to implement a method to generate a random password and then validate that the user is using the password previously generated. I really appreciate any help and guidance. Thank you all!

0 likes
12 replies
Snapey:

Use the standard authentication and give the user a random password...

martinbean:

@happyengineer You shouldn’t be dealing with plaintext passwords anywhere. If you’re generating “random” passwords then presumably you’re sending it to the user as plaintext in an email or something. Don’t. It’s a security risk.

If you’re provisioning accounts for users then instead create an account and then send a temporary URL to the user for them to pick their own password. Or just send them a password reset link.

A user should only be logging in with a password they’ve explicitly set.

1 like
Sapherywa:

Generating and validating random passwords in Laravel is a common requirement. To generate a random password, you can use Laravel's Str::random() method, which generates a random string of a specified length. For example, Str::random(12) will generate a 12-character random string.

Snapey:

@Sapherywa and... what's your point?

There are multiple ways you could generate a random password, but the point is, DON'T. If you generate a password for the user you have to send it to them somehow, and that probably means sending it in plain text.

Let the user choose their own password.

harriscordan:

Yeah, generating and validating a random, temporary password in Laravel is a pretty common task.

harriscordan:

In my experience, I tackled a similar problem for a project where we needed secure temporary passwords. I used Laravel's built-in methods to generate a random password and stored it in the database with an expiration time. For extra security, I used a strong password generator tool. It helped create passwords that were not just random but really tough to crack. Then, validating the password was as simple as comparing the user's input with what was stored.

Snapey:

@harriscordan no, no, no, no!

Everything you know about passwords is wrong.

https://xkcd.com/936/

Length beats complexity.

Never create a password for someone else.

"validating the password was as simple as comparing the user's input with what was stored"

I hope you just forgot to mention hashing.

korimalicn:

I used Str::random() to generate a random password—usually something like Str::random(12) for 12 characters. If you’re storing it in the database, just make sure to hash it so it’s secure. When the user enters the password, you can check it against the hashed one in the database.
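
One way to implement what korimalicn describes, with the hashing and the expiry the thread insists on, as an added example that is not code from the thread or from Laravel itself. It assumes a `temporary_credentials` table (user_id, token_hash, expires_at, used_at) behind a `TemporaryCredential` Eloquent model with those columns fillable; the table, model and service names are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a temporary_credentials table
// (user_id, token_hash, expires_at, used_at) behind the TemporaryCredential model.
namespace App\Services;

use App\Models\TemporaryCredential;
use App\Models\User;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;

class TemporaryCredentialService
{
    // Generate a random secret, store only its hash, and return the plaintext
    // once so the caller can deliver it out of band (never log or store it).
    public function issue(User $user, int $ttlMinutes = 15): string
    {
        $secret = Str::random(32); // long random base62 string: length beats complexity

        // Invalidate any earlier unused credential for this user.
        TemporaryCredential::where('user_id', $user->id)->whereNull('used_at')->delete();

        TemporaryCredential::create([
            'user_id'    => $user->id,
            'token_hash' => Hash::make($secret), // bcrypt/argon2 per config/hashing.php
            'expires_at' => Carbon::now()->addMinutes($ttlMinutes),
        ]);

        return $secret;
    }

    // Check user input against the stored hash; expired or already-used entries never match.
    public function verify(User $user, string $input): bool
    {
        $credential = TemporaryCredential::where('user_id', $user->id)
            ->whereNull('used_at')
            ->where('expires_at', '>', Carbon::now())
            ->latest()
            ->first();

        if ($credential === null || ! Hash::check($input, $credential->token_hash)) {
            return false;
        }

        // Single use: mark it consumed on the first successful check.
        $credential->forceFill(['used_at' => Carbon::now()])->save();

        return true;
    }
}
```

The plaintext returned by issue() is the only copy that ever exists, and martinbean's point still stands: a password reset link avoids sending it at all.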
