Creating authentication in Laravel is a breeze mostly because everything is pretty much laid out for the developer. Unless you really know what you are doing, a default authentication module provided by the Laravel provides everything you need.

Out of the box, Laravel is one of the most secure frameworks. Built-in authentication uses bcrypt for password hashing and AES-256 for cookie and session encryption with a 32 bit key generated upon project creation located in env under APP_KEY.

Without going too much into encryption algorithms, I will just mention that brute-forcing a 256-bit key can consist of 2²⁵⁶  combinations and a computer that is capable of achieving this in any relevant time is not yet available.

I assume you have a Laravel application installed at this point. If you don’t you can check out a fancy how-to-install guide I made right here.

Laravel provides a neat function php artisan make:auth that quickly generates a scaffold of routes, views, and controllers used for the authentication.

Inside the web route you will now have:

Auth::routes();
Route::get('/home', 'HomeController@index')->name('home');

If we run php artisan route:list command we can observe the following route structure

We can notice that under Auth::routes() Laravel registered many routers which of course you can manually write yourself.

We also got a whole set of Auth controllers inside our controller folder as well as a HomeController where the logged-in user will be sent after successful login.

Laravel will also create an auth views folder, default app layout and a home view.

Now we need to run our migration files in order to create a users and password resets table. In the terminal type in php artisan migrate.

Now, depending on the version of your database and the Laravel application you may be greeted with the following error message: 

Illuminate\Database\QueryException : SQLSTATE[42000]: 
Syntax error or access violation: 1071 
Specified key was too long; max key length is 767 bytes 
(SQL: alter table `users` add unique `users_email_unique`(`email`))

Laravel 5.4 changed the default database character set to utf8mb4 which causes our query to fail. In order to fix this issue update AppServiceProvider class in the App\Providers to match the following.

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        //
    }

    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        Schema::defaultStringLength(191);
    }
}

Our previous failed query left us with a partially created table. We can not run the same php artisan migrate command as it will complain about the base table already existing. However, we can use a different command php artisan migrate:fresh in order to recreate all tables.

Be careful with this command especially in the production environment.

Now start your Laravel server and go to the starting page.