[{"data":1,"prerenderedAt":398},["ShallowReactive",2],{"blog-prompts/add-password-hashing":3},{"id":4,"title":5,"body":6,"category":377,"date":378,"dateModified":379,"description":380,"draft":381,"extension":382,"faq":383,"featured":381,"headerVariant":384,"image":383,"keywords":383,"meta":385,"navigation":386,"ogDescription":387,"ogTitle":383,"path":388,"readTime":383,"schemaOrg":389,"schemaType":390,"seo":391,"sitemap":392,"stem":393,"tags":394,"twitterCard":396,"__hash__":397},"blog/blog/prompts/add-password-hashing.md","Add Password Hashing with AI Prompts",{"type":7,"value":8,"toc":367},"minimark",[9,16,21,33,98,102,105,166,176,180,183,235,239,242,288,297,313,317,320,341,355],[10,11,12],"tldr",{},[13,14,15],"p",{},"Never store passwords in plain text. Use bcrypt, argon2, or scrypt with automatic salting and appropriate work factors. These prompts help you implement password hashing correctly, migrate existing plain text passwords, and verify hashes securely.",[17,18,20],"h2",{"id":19},"implement-password-hashing","Implement Password Hashing",[13,22,23,24,28,29,32],{},"Copy this prompt to add bcrypt password hashing to your registration and login flows. 
Your AI will generate ",[25,26,27],"code",{},"hashPassword"," and ",[25,30,31],{},"verifyPassword"," helper functions with proper cost factors, timing-safe comparison, and integration with your user model.",[34,35,37,40,47,50,69,72,81,84,95],"prompt-box",{"title":36},"Add Bcrypt Hashing",[13,38,39],{},"Add bcrypt password hashing to my user registration and login.",[13,41,42,43],{},"Language: ",[44,45,46],"span",{},"JavaScript/TypeScript/Python",[13,48,49],{},"Requirements:",[51,52,53,57,60,63,66],"ol",{},[54,55,56],"li",{},"Hash password on registration with bcrypt",[54,58,59],{},"Verify password on login",[54,61,62],{},"Use a cost factor of 12 (adjust for your server)",[54,64,65],{},"Handle async operations properly",[54,67,68],{},"Clear the plain text password from memory after hashing",[13,70,71],{},"Create helper functions:",[73,74,75,78],"ul",{},[54,76,77],{},"hashPassword(plainText) -> hash",[54,79,80],{},"verifyPassword(plainText, hash) -> boolean",[13,82,83],{},"Also add:",[73,85,86,89,92],{},[54,87,88],{},"Password strength validation before hashing",[54,90,91],{},"Timing-safe comparison",[54,93,94],{},"Error handling for invalid hashes",[13,96,97],{},"Show me how to integrate with my user model.",[17,99,101],{"id":100},"argon2-recommended-for-new-projects","Argon2 (Recommended for New Projects)",[13,103,104],{},"Use this prompt to implement argon2id password hashing with recommended parameters for memory, iterations, and parallelism. 
Your AI will generate hash and verify functions, a configuration object, and a migration helper if you're switching from bcrypt.",[34,106,108,111,115,118,132,135,149,152,163],{"title":107},"Argon2 Implementation",[13,109,110],{},"Implement argon2 password hashing (more secure than bcrypt).",[13,112,42,113],{},[44,114,46],{},[13,116,117],{},"Use the argon2id variant with recommended parameters:",[73,119,120,123,126,129],{},[54,121,122],{},"Memory: 64MB (65536 KB)",[54,124,125],{},"Iterations: 3",[54,127,128],{},"Parallelism: 4",[54,130,131],{},"Hash length: 32 bytes",[13,133,134],{},"Create:",[51,136,137,140,143,146],{},[54,138,139],{},"hashPassword function with argon2id",[54,141,142],{},"verifyPassword function",[54,144,145],{},"Configuration object for parameters",[54,147,148],{},"Migration helper from bcrypt to argon2",[13,150,151],{},"Handle:",[73,153,154,157,160],{},[54,155,156],{},"Systems with limited memory (fallback params)",[54,158,159],{},"Async operations",[54,161,162],{},"Error cases (invalid hash format)",[13,164,165],{},"Include parameter tuning guidance for my server specs.",[167,168,169],"warning-box",{},[13,170,171,175],{},[172,173,174],"strong",{},"Never use MD5, SHA1, or SHA256 alone for passwords:"," These are fast hashes designed for data integrity, not password storage. Attackers can try billions of guesses per second. Use bcrypt, argon2, or scrypt, which are intentionally slow.",[17,177,179],{"id":178},"migrate-plain-text-passwords","Migrate Plain Text Passwords",[13,181,182],{},"Paste this prompt to create a safe migration plan for plain text passwords in your database. Your AI will generate a migration script, an updated login flow that hashes on first login, a background job for forced resets, and rollback steps.",[34,184,186,189,192,195,212,215,232],{"title":185},"Password Migration Strategy",[13,187,188],{},"My database has passwords stored in plain text. 
Create a migration plan.",[13,190,191],{},"Current state: passwords in plain text in users table",[13,193,194],{},"Migration strategy:",[51,196,197,200,203,206,209],{},[54,198,199],{},"Add new 'password_hash' column",[54,201,202],{},"Keep old 'password' column temporarily",[54,204,205],{},"On each login, verify the old password and migrate it to a hash",[54,207,208],{},"Background job to force-reset unmigrated accounts",[54,210,211],{},"Eventually remove old column",[13,213,214],{},"Implementation needed:",[73,216,217,220,223,226,229],{},[54,218,219],{},"Migration script to add column",[54,221,222],{},"Updated login flow that handles both columns",[54,224,225],{},"Background job for forced resets",[54,227,228],{},"Audit logging for migration progress",[54,230,231],{},"Rollback plan if issues occur",[13,233,234],{},"Timeline: All passwords migrated within 30 days\nAfter migration: Force password reset for stragglers",[17,236,238],{"id":237},"rehashing-on-login","Rehashing on Login",[13,240,241],{},"Use this prompt to implement automatic rehashing when a user logs in with an outdated hash. 
Your AI will generate logic that detects old cost factors or algorithms, rehashes after successful verification, and updates the stored hash transparently.",[34,243,245,248,251,254,268,271,285],{"title":244},"Upgrade Hash Parameters",[13,246,247],{},"Implement automatic rehashing when hash parameters are outdated.",[13,249,250],{},"Scenario: I increased bcrypt cost from 10 to 12\nOld users have cost=10 hashes",[13,252,253],{},"On successful login:",[51,255,256,259,262,265],{},[54,257,258],{},"Verify password against existing hash",[54,260,261],{},"Check whether the hash uses the current parameters",[54,263,264],{},"If outdated, rehash with new parameters",[54,266,267],{},"Update stored hash",[13,269,270],{},"Implement:",[73,272,273,276,279,282],{},[54,274,275],{},"Function to check if hash needs upgrade",[54,277,278],{},"Rehash and save after successful verification",[54,280,281],{},"Support multiple hash algorithms (for migrations)",[54,283,284],{},"Logging for rehash events",[13,286,287],{},"This ensures all active users get upgraded hashes\nwithout requiring password resets.",[289,290,291],"tip-box",{},[13,292,293,296],{},[172,294,295],{},"Pro tip:"," Measure how long one hash takes on your production server. Bcrypt cost 12 should take 200-400ms. Adjust up or down based on your hardware and acceptable login latency.",[298,299,300,307],"faq-section",{},[301,302,304],"faq-item",{"question":303},"Bcrypt or Argon2?",[13,305,306],{},"Argon2 is newer and generally recommended for new projects. Bcrypt is battle-tested and perfectly fine. Either is vastly better than MD5/SHA. The most important thing is using one of them correctly.",[301,308,310],{"question":309},"What cost factor should I use?",[13,311,312],{},"For bcrypt, start with 12 and measure. It should take 200-400ms on your server. 
Argon2 parameters should use as much memory as you can afford (64MB+) with 3+ iterations.",[17,314,316],{"id":315},"further-reading","Further Reading",[13,318,319],{},"Want to understand the vulnerability before fixing it? These guides explain what's happening and why.",[73,321,322,329,335],{},[54,323,324],{},[325,326,328],"a",{"href":327},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[54,330,331],{},[325,332,334],{"href":333},"/blog/how-to/hide-api-keys","How to hide API keys step-by-step",[54,336,337],{},[325,338,340],{"href":339},"/blog/best-practices/secrets","Secret management best practices",[342,343,344,350],"related-articles",{},[345,346],"related-card",{"description":347,"href":348,"title":349},"Complete login security","/blog/prompts/secure-login-flow","Secure Login Flow",[345,351],{"description":352,"href":353,"title":354},"Safe reset flows","/blog/prompts/secure-password-reset","Secure Password Reset",[356,357,360,364],"cta-box",{"href":358,"label":359},"/","Start Free Scan",[17,361,363],{"id":362},"find-plain-text-passwords","Find Plain Text Passwords",[13,365,366],{},"Scan your database for unprotected password storage.",{"title":368,"searchDepth":369,"depth":369,"links":370},"",2,[371,372,373,374,375,376],{"id":19,"depth":369,"text":20},{"id":100,"depth":369,"text":101},{"id":178,"depth":369,"text":179},{"id":237,"depth":369,"text":238},{"id":315,"depth":369,"text":316},{"id":362,"depth":369,"text":363},"prompts","2026-02-13","2026-03-06","AI prompts to implement secure password hashing. 
Use bcrypt, argon2, or scrypt to protect user passwords with proper salting and work factors.",false,"md",null,"cyan",{},true,"AI prompts to implement secure password hashing with bcrypt or argon2.","/blog/prompts/add-password-hashing","[object Object]","BlogPosting",{"title":5,"description":380},{"loc":388},"blog/prompts/add-password-hashing",[395],"Critical","summary_large_image","vpFAl6z4BVSXeODNaQ6eVw6PZzOupvRRhHp-emtg_F4",1775843938822]