Passwordhashing in authentication

Never store plain text passwords. Use bcrypt or argon2 to hash passwords with a salt. Hashing is one-way — you can't reverse it. To verify, hash the input and compare with stored hash.

Example

const bcrypt = require('bcrypt');

// Hash password
const hash = await bcrypt.hash('myPassword', 10); // 10 salt rounds

// Verify password
const isMatch = await bcrypt.compare('myPassword', hash); // true

bcrypt.hash creates a salted hash, bcrypt.compare verifies a password against the stored hash.

Previous Next