How do I hash a password in Node.js?
Use bcrypt. const hashed = await bcrypt.hash(password, 10). The second argument is salt rounds; 10 is a good default. Verify with bcrypt.compare(password, hash). Hash in a pre('save') Mongoose hook or in the controller.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in How to Hash Passwords in Node.js With bcrypt
bcrypt is designed for passwords. It is slow on purpose (so brute-forcing hashes is expensive) and has a salt built in (so two users with the same password get different hashes). It is the standard choice.
10 is a good default. It takes about 100ms on a modern CPU. Higher is slower (safer against brute force); lower is faster (weaker). For high-security apps, use 12. For most apps, 10 is fine.
No. bcrypt stores the salt inside the hash. You only store the hash. bcrypt.compare extracts the salt automatically when verifying.
Still have questions?
Browse all our FAQs or reach out to our support team
