Str::password()
Generate a cryptographically secure random password with configurable length and character types.
Overview
Str::password() generates a random, secure password string. By default it produces a 32-character password with letters, numbers, symbols, and spaces. You can configure the length and which character types to include.
Usage
use Illuminate\Support\Str;
Str::password();
// 'j3M>2$sR!qK&p7Tz...' (32 characters)
Str::password(16);
// 'Kp7#mQ2x...' (16 characters)
Exclude specific character types:
// Letters and numbers only — no symbols or spaces
Str::password(length: 20, symbols: false, spaces: false);
// 'kR7mQ2xP9nB4jL8wT3y'
Real-World Example
Generating temporary passwords for user invitations:
$password = Str::password(16, symbols: false, spaces: false);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($password),
'must_reset_password' => true,
]);
Mail::to($user)->send(new WelcomeMail($password));
When to Use
- Generating temporary or initial passwords
- Creating API tokens or one-time codes
- Any scenario where you need a random secure string with guaranteed character diversity