Laravel/Lumen comes with Hash facade that provides the secure Bcrypt & Argon2 hashing for storing user string passwords.
Default Laravel Login & Register Controllers uses Bcrypt for authentication.
Let’s take a look at the basic implementation:
<?php namespace App\Http\Controllers; use App\Http\Controllers\Controller; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; class UserController extends Controller { /** * Update the password for the user. * * @param Request $request * @return Response */ public function update(Request $request) { $request->user()->fill([ 'password' => Hash::make($request->newPassword) ])->save(); } /** * Check stored password * * @param Request $request * @return Response */ public function check(Request $request) { $user = User::where('email', '=', 'hello@email.com')->first(); if ($user) { if (Hash::check($request->get('password'), $user->password) { // unauthenticated return ['error' => 'unauthenticated']; } } return []; } }