[1.x] chore: bump to pragmarx/google2fa v9 #619

joostdebruijn · 2025-11-16T14:47:46Z

This PR updates the dependency pragmarx/google2fa to v9. This version contains a breaking change: the default secret key length has been increased from 16 to 32 characters for enhanced security. However, Laravel Fortify explicitly sets the default value for the generation of a secret key to 16:

fortify/src/TwoFactorAuthenticationProvider.php

Lines 44 to 47 in bd38202

    
           public function generateSecretKey(int $secretLength = 16) 
        
           { 
        
               return $this->engine->generateSecretKey($secretLength); 
        
           }

Therefore, bumping to v9 is not a breaking change for Laravel Fortify.

In theory we could set the value to 32 as well, as in the migration the field two_factor_secret is of type TEXT so an increase in the length of the secret would not be an issue but there might be other side effects as well as mentioned in the release notes of pragmarx/google2fa. Such a change would be better for in a future 2.x-release.

chore: bump to pragmarx/google2fa v9

b2b76de

taylorotwell merged commit 6f2d630 into laravel:1.x Nov 16, 2025
13 checks passed

joostdebruijn deleted the google2fa-v9 branch November 16, 2025 16:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[1.x] chore: bump to pragmarx/google2fa v9 #619

[1.x] chore: bump to pragmarx/google2fa v9 #619

Uh oh!

joostdebruijn commented Nov 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	public function generateSecretKey(int $secretLength = 16)
	{
	return $this->engine->generateSecretKey($secretLength);
	}

[1.x] chore: bump to pragmarx/google2fa v9 #619

[1.x] chore: bump to pragmarx/google2fa v9 #619

Uh oh!

Conversation

joostdebruijn commented Nov 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants