Get "PHP 8 in a Nuthshell" (Now comes with PHP 8.3)
Amit Merchant

Amit Merchant

A blog on PHP, JavaScript, and more

The new helper to generate secure passwords in Laravel 10.x

Oftentimes, you may need to generate a secure password for your users. And in such cases, you may use the Str::random() method to generate a random string. But, the problem with this method is that it generates a random string that may not be secure enough.

So, in Laravel 10.x, a new helper method called Str::password() has been introduced to generate secure passwords.

The password() helper

The new password() helper is a new helper method that has been introduced in Laravel 10.x to generate secure passwords. And it’s pretty simple to use.

use Illuminate\Support\Str;

$password = Str::password();

// 'EbJo2vE-AS:U,$%_gkrV4n,q~1xy/-_4'

As you can tell, the password() helper generates a secure password that is 32 characters long by default. You can also pass the length of the password as the first argument to the password() helper.

$password = Str::password(10);

// 'EbJo2vE-AS'

Customizing the password

If you see the implementation of the password() helper, you’ll see there are a couple more that you can pass in to customize it apart from the length of the password.

 * Generate a random, secure password.
 * @param  int  $length
 * @param  bool  $letters
 * @param  bool  $numbers
 * @param  bool  $symbols
 * @param  bool  $spaces
 * @return string
public static function password($length = 32, $letters = true, $numbers = true, $symbols = true, $spaces = false)
    return (new Collection)
            ->when($letters, fn ($c) => $c->merge([
                'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
                'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
                'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G',
                'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R',
                'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
            ->when($numbers, fn ($c) => $c->merge([
                '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
            ->when($symbols, fn ($c) => $c->merge([
                '~', '!', '#', '$', '%', '^', '&', '*', '(', ')', '-',
                '_', '.', ',', '<', '>', '?', '/', '\\', '{', '}', '[',
                ']', '|', ':', ';',
            ->when($spaces, fn ($c) => $c->merge([' ']))
            ->pipe(fn ($c) => Collection::times($length, fn () => $c[random_int(0, $c->count() - 1)]))

As you can see, the password() helper generates a password that contains letters, numbers, symbols, and spaces by default. But, you can also customize this by passing the second to fifth arguments to the password() helper.

For instance, if you want to generate a password that contains only numbers, you can do so by passing true to the third and making the rest of the arguments false like so.

$password = Str::password(10, false, true, false, false);

// '1234567890'
Learn the fundamentals of PHP 8 (including 8.1, 8.2, and 8.3), the latest version of PHP, and how to use it today with my new book PHP 8 in a Nutshell. It's a no-fluff and easy-to-digest guide to the latest features and nitty-gritty details of PHP 8. So, if you're looking for a quick and easy way to PHP 8, this is the book for you.

Like this article? Consider leaving a


👋 Hi there! I'm Amit. I write articles about all things web development. You can become a sponsor on my blog to help me continue my writing journey and get your brand in front of thousands of eyes.