On the Laravel News site there's a quick post looking at Laravel's login validation and how you can make updates to its handling (and where the changes should be made).

Laravel’s included auth system is a great way of scaffolding out a basic flow for authenticating users through a complete registration, login, logout, and forgot password system.

When it’s all setup the login and password reset validation is stored in an AuthenticatesUsers and ResetsPasswords trait. Even though it’s a little hidden away it’s still easy to adjust this to your needs. Let’s take a look at how to adjust this.

The post then breaks each of these down, showing where in the framework source the code lives and how you can update or override the current handling. The login validation lives in the default "AuthenticatesUsers" trait and the password reset verification is in "ResetsPasswords". These can each be overridden in your own controllers as they're just methods included via traits.