Bcrypt Generator

$2y$ password_hash / password_verify

Generate and verify Bcrypt hashes easily. Ideal to test passwords and integrate into PHP systems.

Generate Hash

Tip: prefer 12+ characters mixing letters, numbers, and symbols.
Higher cost is slower (and more secure).

Verify Password vs Hash

Strength: —

Quick Tutorial (for beginners)

  1. What is Bcrypt? It turns your password into a scrambled code (hash) that cannot be reversed. Even if someone sees your database, they only see the hash.
  2. How to generate: In Generate Hash, type your password, set the Cost, and click Generate Hash. Copy the code — that’s what goes to your database.
  3. How to verify: In Verify, paste the stored hash and enter the password. If it says “matches”, the password is correct.
  4. What is “Cost”? The amount of work the computer does to create/verify the hash. Higher values increase security but slow things down. Use 10 to 14 for most servers today.
  • Important: Store only the hash in the database. Never store the plain password.
  • The hash already contains a random “salt”. You don’t need to store it separately.
  • Move to a higher cost later with password_needs_rehash after the user logs in.
  • Use HTTPS, long passwords (12+ chars) and don’t reuse passwords.
PHP example: $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);  |  $ok = password_verify($typedPassword, $hash);