Node.js - hash passwords using bcrypt

In this article, we would like to show you how to hash passwords in Node.js using Bcrypt.

Hashing password using Bcrypt

User passwords stored in a database must stay protected even if the database is disclosed
or someone unauthorized gains access to it.

Passwords in our database should never be stored in plaintext - they should always be hashed.

Currently, the most popular and safe method is to use bcrypt.

The first step is to install bcrypt using npm:

npm install bcrypt

Hash a password

The hashing method requires salt rounds, i.e. the cost factor. Simply speaking, it controls how expensive the hash is to compute (the larger the value, the slower the hash and the more costly each password guess) - the recommended value is 10.

const bcrypt = require('bcrypt');

const saltRounds = 10; // cost factor
const password = '1234567';

// bcrypt.hash() generates a random salt and embeds it in the returned hash
bcrypt.hash(password, saltRounds, (error, hash) => {
    if (error) {
        console.error('Error: ', error);
    } else {
        console.log(`Your hashed password is: ${hash}`);
        // here you can send the hashed password to the database
    }
});

Check a password

Compare the given password with the hashed password from the database.

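const bcrypt = require('bcrypt');

const password = '1234567';
// Placeholder: the bcrypt hash stored for this user (the output of bcrypt.hash())
const hashedPassword = '<bcrypt hash from the database>';

// bcrypt.compare() reads the salt and cost factor from the stored hash
bcrypt.compare(password, hashedPassword, (error, result) => {
    if (error) {
        console.error('Error: ', error);
    } else {
        console.log('Is the password correct: ', result); // true or false
    }
});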

Note: bcrypt generates a random salt for every call, so hashing the same password produces a different hash each time, but comparing the password against any of those hashes will give true. Check out this question.
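
The note above follows from the layout of a bcrypt hash string: the cost factor and the random salt are stored inside the hash itself. The following is an added example, not code from the original article, that parses that layout to audit stored values; the function names and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example: inspects bcrypt hash strings; it does not need the bcrypt package.
// Layout (60 characters): $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Split a stored value into its parts; returns null when it is not a bcrypt hash.
function parseBcryptHash(stored) {
    const match = BCRYPT_RE.exec(String(stored));
    if (!match) {
        return null;
    }
    const cost = parseInt(match[2], 10);
    if (cost < 4 || cost > 31) {
        return null; // bcrypt defines cost factors 4..31 only
    }
    return { version: match[1], cost, salt: match[3], digest: match[4] };
}

// Classify a stored credential for a database audit (hypothetical helper):
//   'not-bcrypt' - plaintext or another format, must never be kept as-is
//   'rehash'     - valid bcrypt, but cost below the current minimum
//   'ok'         - valid bcrypt at or above the minimum cost
function auditStoredPassword(stored, minCost) {
    const parsed = parseBcryptHash(stored);
    if (parsed === null) {
        return 'not-bcrypt';
    }
    return parsed.cost < minCost ? 'rehash' : 'ok';
}

// Constructed sample values: format-valid strings, not real hashes of any password.
const sampleA = '$2b$10$' + 'a'.repeat(21) + 'u' + 'C'.repeat(31);
const sampleB = '$2b$10$' + 'b'.repeat(21) + 'e' + 'G'.repeat(31);
const sampleLowCost = '$2a$04$' + 'c'.repeat(21) + 'O' + 'K'.repeat(31);

for (const stored of [sampleA, sampleB, sampleLowCost, 'plain-text-value']) {
    const parsed = parseBcryptHash(stored);
    const salt = parsed ? parsed.salt : '-';
    console.log(auditStoredPassword(stored, 10), salt);
}
```

A value reported as 'rehash' can be replaced with a new hash at the current cost factor the next time that user logs in successfully.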


  1. Bcrypt - Wikipedia.
  2. Node.js - why bcrypt generate different outputs for same input (question).
