How to store passwords in the database
You don’t. You don’t store passwords in the database. You store the password hash, a string generated from the password, but from which no one can go back to the original password value.
Using Node, install bcrypt:
npm install bcrypt
Require it and define the salt rounds value, which we’ll use later:
const bcrypt = require('bcrypt')
const saltRounds = 10
Create a password hash
Create a password hash using:
const hash = await bcrypt.hash('PASSWORD', saltRounds)
where PASSWORD is the actual password string.
If you prefer callbacks:
bcrypt.hash('PASSWORD', saltRounds, (err, hash) => {
//check err first, then hash is the value to store
})
Then you can store the hash value in the database.
Verify the password hash
To verify the password, compare it with the hash stored in the database using bcrypt.compare():
const result = await bcrypt.compare('PASSWORD', hash)
//result is true or false
Using callbacks:
bcrypt.compare('somePassword', hash, (err, result) => {
//result is true or false
})
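The string that bcrypt.hash() returns carries the algorithm version, the salt rounds and the salt alongside the digest, which is why a single database column is enough and bcrypt.compare() needs no separate salt argument. The following is an added example, not code from the original post: it audits stored values and flags the ones hashed with fewer salt rounds than the current setting. The function names, the password_hash column and the sample rows are assumptions made up for illustration.

```javascript
// Added example: inspects stored bcrypt strings; it never calls the bcrypt module.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>, 60 characters in total.
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/

function parseBcryptHash(stored) {
  const m = typeof stored === 'string' ? BCRYPT_RE.exec(stored) : null
  if (!m) return null // plaintext, another scheme, or a truncated column value
  const cost = Number(m[2])
  if (cost < 4 || cost > 31) return null // outside bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] }
}

// True when the value should be replaced with a fresh bcrypt.hash() result
// after the user's next successful login (the only time the password is known).
function needsRehash(stored, saltRounds) {
  const parsed = parseBcryptHash(stored)
  return parsed === null || parsed.cost < saltRounds
}

// bcrypt only uses the first 72 bytes of its input, so count bytes, not characters.
function exceedsBcryptLimit(password) {
  return Buffer.byteLength(password, 'utf8') > 72
}

// Classify every row of a users table by the state of its password column.
function auditRows(rows, saltRounds) {
  return rows.map(({ user, password_hash }) => {
    const parsed = parseBcryptHash(password_hash)
    if (!parsed) return { user, status: 'not-bcrypt' }
    return { user, status: parsed.cost < saltRounds ? 'weak-cost' : 'ok' }
  })
}

// Constructed sample rows: the salt and digest are filler, not real bcrypt output.
const filler = 'a'.repeat(22) + 'b'.repeat(31)
const sampleRows = [
  { user: 'alice', password_hash: '$2b$10$' + filler },
  { user: 'bob', password_hash: '$2b$04$' + filler },
  { user: 'carol', password_hash: 'hunter2' },
  { user: 'dave', password_hash: ('$2b$10$' + filler).slice(0, 50) },
]

console.log(auditRows(sampleRows, 10))
```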