
Why Password hashing with bcrypt in Express? - Purpose & Use Cases

The Big Idea

What if your users' passwords were stolen because you didn't hash them right?

The Scenario

Imagine storing user passwords as plain text in your database. If someone hacks your system, they get all passwords instantly.

Or you try to hash passwords yourself with simple methods, but it's easy to make mistakes that leave accounts unsafe.

The Problem

Manual password handling is risky and slow to get right. Simple, fast hashes such as an unsalted SHA-256 can be cracked quickly by attackers using common off-the-shelf tools.

Writing your own secure hashing is tricky and easy to get wrong, leading to data breaches and lost trust.

The Solution

bcrypt hashes each password with a deliberately slow algorithm, whose cost is set by a work factor, and generates a unique random salt for every hash.

This makes stored passwords very hard to crack, even if the database is stolen.

Before vs After
Before
const crypto = require('crypto');
const hashed = crypto.createHash('sha256').update(password).digest('hex'); // unsalted, fast: identical passwords give identical digests and are cheap to brute-force
After
const bcrypt = require('bcrypt');
const hashed = await bcrypt.hash(password, 10); // salted, slow: 10 is the work factor (cost rounds)
What It Enables

Securely storing passwords so users' accounts stay safe even if your database is compromised.

Real Life Example

A website uses bcrypt to hash user passwords before saving them. When users log in, bcrypt compares the submitted password with the stored hash, so the original password is never recovered or exposed.

Key Takeaways

Storing plain passwords is dangerous and easy to exploit.

Manual hashing is error-prone and often insecure.

bcrypt provides a reliable, secure way to hash passwords with salt and work factor.