How to make strong passwords in Laravel Passport

Question

I'm using laravel passport to make a login system in my api.

But I was wondering if there is any way to make the password more secure, is there any way to do more rounds in the password, I also read that Argon2id is more secure than bcrypt, that is correct? If is correct how I use it?. Here I leave my signup code

 public function signup(Request $request)
    {
        $request->validate([
            'name'     => 'required|string',
            'email'    => 'required|string|email|unique:users',
            'password' => 'required|string|confirmed',
        ]);
        $user = new User([
            'name'     => $request->name,
            'email'    => $request->email,
            'password' => bcrypt($request->password), // Hash
        ]);
        $user->save();
        return response()->json([
            'message' => 'Successfully created user!'], 201);
    }

I personally wouldn't bother with that, bcrypt is proven and afaik still unbroken to date. — Vladan, Sep 09 '20 at 20:33

Jon White · Accepted Answer · 2021-02-07T08:23:31.400

From the docs:

You can specify the number of rounds for both bcrypt and argon2 hashing drivers which you can set in your config/hashing.php file

For bcrypt:

$hashed = Hash::make('password', [
    'rounds' => 12,
]);

For argon2

$hashed = Hash::make('password', [
    'memory' => 1024,
    'time' => 2,
    'threads' => 2,
]);

Opinion seems to be that argon2 is more secure. I can't claim to entirely understand why but I gather it's to do with argon2's multi-threading which if I understand correctly makes it more resistant to GPU cracking than bcrypt.

How to make strong passwords in Laravel Passport

1 Answers1