How to store passwords in the database

You don’t. You don’t store passwords in the database. You store the password hash, a string generated from the password, but from which no one can go back to the original password value.

Using Node, install bcrypt:

npm install bcrypt

Require it, and define the salt rounds value, we’ll use it later:

const bcrypt = require('bcrypt')

const saltRounds = 10

Create a password hash

Create a password hash using:

const hash = await bcrypt.hash('PASSWORD', saltRounds)

where PASSWORD is the actual password string.

If you prefer callbacks:

bcrypt.hash('PASSWORD', saltRounds, (err, hash) => {
  
})

Then you can store the hash value in the database.

Verify the password hash

To verify the password, compare it with the hash stored in the database using bcrypt.compare():

const result = await bcrypt.compare('PASSWORD', hash) 
//result is true or false

Using callbacks:

bcrypt.compare('somePassword', hash, (err, result) => {
  //result is true or false
})

Written on May 22, 2020

I wrote 19 books to help you become a better developer:

HTML Handbook
Next.js Pages Router Handbook
Alpine.js Handbook
HTMX Handbook
TypeScript Handbook
React Handbook
SQL Handbook
Git Cheat Sheet
Laravel Handbook
Express Handbook
Swift Handbook
Go Handbook
PHP Handbook
Python Handbook
Linux Commands Handbook
C Handbook
JavaScript Handbook
CSS Handbook
Node.js Handbook

...download them all now!

How to store passwords in the database

Create a password hash

Verify the password hash

Related posts that talk about :