Developer Tools

Htpasswd
Generator

Q: Which hash should I use for .htpasswd?

Use bcrypt ($2y$). It is the strongest format Apache and Nginx support and resists brute-force far better than MD5 or SHA-1. Only fall back to SHA-1 for legacy systems.

Q: How do I use the generated line?

Paste it into your .htpasswd file (one user per line). In Apache reference it with AuthType Basic + AuthUserFile; in Nginx use auth_basic and auth_basic_user_file.

Q: How can I generate this on the server instead?

Use the htpasswd CLI: htpasswd -B -c /etc/nginx/.htpasswd admin. The -B flag selects bcrypt and -c creates the file (omit -c to add to an existing one).

Create hashed credentials for Apache and Nginx HTTP basic authentication. Bcrypt and SHA-1 supported, all hashing done in your browser — passwords never leave the page.

Bcrypt

Apache & Nginx

100% offline

# .htpasswd entry
admin:$2y$10$N9qo8u...

# nginx / apache basic-auth
auth_basic "Restricted";

Frequently Asked Questions

Which hash should I use for .htpasswd?

Use bcrypt ( $2y$ ). It is the strongest format Apache and Nginx support and resists brute-force far better than MD5 or SHA-1. Only fall back to SHA-1 for legacy systems.

How do I use the generated line?

Paste it into your .htpasswd file (one user per line). In Apache reference it with AuthType Basic + AuthUserFile; in Nginx use auth_basic and auth_basic_user_file.

Is my password sent anywhere?

No. Hashing runs entirely in your browser. Neither the plaintext password nor the hash is transmitted, logged, or stored.

How can I generate this on the server instead?

Use the htpasswd CLI: htpasswd -B -c /etc/nginx/.htpasswd admin. The -B flag selects bcrypt and -c creates the file (omit -c to add to an existing one).

Related Tools

Password Generator Nginx & Apache Config Redirect Generator

HtpasswdGenerator

Frequently Asked Questions

Related Tools

Protect Your Site on a VPS You Control

Htpasswd
Generator