Create default password validation rules in Laravel 8

Password is the most important data in any database. Any password should not be stored without proper encryption. Thank to Laravel facade Illuminate\Support\Facades\Hash provides strong way to encrypt password.

It is also important to force user to use strong password. Laravel provides various validation rules which force user to use enough strong password. With Laravel 8, provides default password validation rules. 

In this tutorial article, we will go through on different types of complexity in validating password.

To validate any fields, use validate method of Illuminate\Http\Request object. In your controller add validate() method.

use Illuminate\Validation\Rules\Password;

 * store new user
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
public function store(Request $request)
    $validated = $request->validate([
        'email' => ['required']
        'password' => ['required', 'confirmed', Password::min(8)],

    // store user data

You already know validation 'required' and confirmed. confirmed will confirm that password and password_confirmation both are same. With the help of Illuminate\Validation\Rules\Password, you can validate them password complexity.

// minimum 8 characters required

You can also chain more methods to add more complexity.

// minimum 8 characters with at least one letter

// minimum 8 characters with at least one uppercase and one lowercase letter

// minimum 8 characters with at least one number

// minimum 8 characters with at least one symbol

// password has not been compromised in a public password

Instead of defining multiple validation, you can chain multiple methods in a single expression.


But what if you are validating all complexity at multiple times in a application. You have to copy-paste it all the way. Instead you can define this validate at one place and call it everytime when you required.

Laravel also provides this feature. Instead, you can define all these rules in any of service provider's boot method. For example in AppServiceProvider.


namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Illuminate\Validation\Rules\Password;

class AppServiceProvider extends ServiceProvider
     * Register any application services.
     * @return void
    public function register()

     * Bootstrap any application services.
     * @return void
    public function boot()
        Password::defaults(function () {
            $rule = Password::min(8);

            return $this->app->isProduction()
                        ? $rule->mixedCase()->symbols()->uncompromised()
                        : $rule;

And in your controller's validate method, pass only Password::defaults() method like this:

'password' => ['required', Password::defaults()],

We hope these tutorial help everyone. Thanks.