Version 2.2.0 of my PHP Password Validator has been released.
There is a fix to replace the supported PHP versions and Packagist version badges within the README.md file with just images, rather than links anywhere.
The big change for this release, however, is the introduction of a banned password list. This is pulled from a few sources of commonly used passwords which have been leaked, and are deemed to be "known". As a result, they will always return an entropy of 0.
When checking an input password, it will always check a lowercase version of the password against the word list. It is assumed that all upper and lowercase variants of the password are known, e.g. q1w2e3r4t5y6 is treated the same as q1w2E3r4T5y6, and both return an entropy of 0.
It is possible to utilise your own banned password list as part of getEntropy. A new parameter has been added which takes an array of banned passwords you want to return an entropy of 0 for. The passwords in this optional list must all be lowercase for a match to be found.
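
The lowercase requirement is easy to trip over when a custom list comes from a leak dump or a policy document. The sketch below is an added example, not the library's code: `estimateEntropy`, `entropyWithBannedList` and `normaliseBannedList` are hypothetical names, the entropy estimate is a simple character-pool stand-in, and the sample passwords are constructed. It reproduces the matching behaviour described above and shows why a custom list should be lowercased before it is passed in.

```php
<?php
declare(strict_types=1);

// Stand-in entropy estimate (length * log2(pool size)); an assumption,
// not the formula the library uses.
function estimateEntropy(string $password): float
{
    $pool = 0;
    if (preg_match('/[a-z]/', $password)) { $pool += 26; }
    if (preg_match('/[A-Z]/', $password)) { $pool += 26; }
    if (preg_match('/[0-9]/', $password)) { $pool += 10; }
    if (preg_match('/[^a-zA-Z0-9]/', $password)) { $pool += 32; }
    return $pool === 0 ? 0.0 : strlen($password) * log($pool, 2);
}

// Mirrors the described behaviour: the input is lowercased before the
// lookup, but the banned list is compared exactly as supplied.
function entropyWithBannedList(string $password, array $banned): float
{
    $lookup = array_flip($banned); // keyed lookup instead of a linear scan
    if (isset($lookup[strtolower($password)])) {
        return 0.0; // known password, in any upper/lowercase variant
    }
    return estimateEntropy($password);
}

// Caller-side fix: lowercase and de-duplicate a custom list before use.
function normaliseBannedList(array $banned): array
{
    return array_values(array_unique(array_map('strtolower', $banned)));
}

// Constructed sample data: a custom list that was not lowercased.
$custom = ['Q1w2E3r4T5y6', 'CompanyName2024'];
$input  = 'q1w2E3r4T5y6';

// Mixed-case entries never match the lowercased input, so the banned
// password is scored as if it were unknown.
printf("raw list:        %.1f bits\n", entropyWithBannedList($input, $custom));

// After normalisation the same input is caught and scores 0.
printf("normalised list: %.1f bits\n",
    entropyWithBannedList($input, normaliseBannedList($custom)));
```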