Yii 2 Password

Latest Stable Version Latest Unstable Version Total Downloads Monthly Downloads Daily Downloads
Thankful to Krajee!
to get more out of us.

NOTE: This extension depends on the kartik-v/yii2-krajee-base extension which in turn depends on the yiisoft/yii2-bootstrap extension. Check the composer.json for this extension's requirements and dependencies that may be updated by composer.

The yii2-password package provides a couple of great password management utilities for Yii Framework 2.0. The extension allows password strength validation through your model. In addition, it provides an advanced password input widget, that allows you to display/hide text and show the password strength. Inbuilt Bootstrap CSS is used to style the widgets. View a complete demo.

This is a password strength validator for your model attributes. The strength validator allows you to configure the following parameters for validating passwords or strings.

  1. Whether password contains the username
  2. Whether password contains an email string
  3. Minimum number of characters
  4. Maximum number of characters
  5. Minimum number of lower space characters
  6. Minimum number of upper space characters
  7. Minimum number of numeric / digit characters
  8. Minimum number of special characters

Other features:

  1. Includes 5 presets (simple, normal, fair, medium, and strong). Instead of setting each parameter above, you can call a preset which will auto-set each of the parameters above.
  2. It includes both server and client validation.
  3. This can work with the PasswordInput widget (described next) as per your needs. The strength validation routines for both are a bit different. The PasswordInput widget focuses on displaying the strength only, and does not restrict the user input in any way.
NOTE: The StrengthValidator does not validate if the password field is required. You need to use Yii's required rule for this.

// add this in your model
use kartik\password\StrengthValidator;

// use the validator in your model rules
public function rules() {
    return [
           [['username', 'password'], 'required'],
           [['password'], StrengthValidator::className(), 'preset'=>'normal', 'userAttribute'=>'username']

The password input widget is a wrapper for the JQuery Strength meter plugin by Krajee. The plugin converts a password input into a widget with an advanced strength validation meter and toggle mask to show/hide the password. The widget displays a dynamic strength validation meter, which calculates the strength of the password as you type. You can configure the following options for the widget. This is an advanced password input widget with configurable options and a dynamic strength meter. The widget provides various features as mentioned below:

  1. Allows you to show/ hide the password text (using bootstrap styled input addons). You can configure this option to be shown or not.
  2. Allows you to display an advanced password strength meter to calculate and show your password strength as you type.
  3. Allows you to control and position/style your meter based on templates.
  4. A password strength meter consists of the meter bar, the score, and the verdict.
  5. Uses Bootstrap 3.0 styling wherever possible with inbuilt Yii 2.0 ActiveField functionality.
  6. Works independent and complements the StrengthValidator.
The important options to pass to this widget are:
  • model Model the model object to be passed

  • attribute string the model attribute to be validated (e.g. password)

// add this in your view
use kartik\password\PasswordInput;

// Usage with ActiveForm
echo $form->field($model, 'password')->widget(

// Usage with model and without ActiveForm 
echo PasswordInput::widget([
    'model' => $model, 
    'attribute' => 'password_1'

// Usage without a model or ActiveForm
echo PasswordInput::widget([
    'name' => 'password_2'