Hash passwords with bcrypt or verify a password against an existing hash — all locally in your browser.
Hashing… (higher cost factors take longer by design)
Bcrypt is a password hashing function designed by Niels Provos and David Mazières in 1999. Unlike fast hash functions like MD5 or SHA-256, bcrypt is intentionally slow — making it computationally expensive to brute-force stored password hashes. It's the most widely deployed password hashing scheme in web applications today.
The cost (or work factor) is a logarithmic value that controls how many iterations of the key schedule are applied: 2^cost iterations. At cost 10, bcrypt runs 1,024 iterations; at cost 12, it runs 4,096 iterations.
As hardware gets faster over time, you can increase the cost factor to maintain the same level of protection.
A bcrypt hash looks like: $2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
$2b$ — bcrypt version identifier10$ — cost factorFor new systems, also consider Argon2 (winner of the 2015 Password Hashing Competition — better memory-hardness than bcrypt) or scrypt. However, bcrypt has decades of production use and broad support across every major language framework, making it a solid, proven choice.