Bcrypt Hash Password Verifier

Verify a plain text password against a bcrypt hash locally in your browser. Useful for debugging authentication flows and checking password migrations

Password and Hash
Enter the password candidate and paste the bcrypt hash you want to verify.

Supports standard $2a$, $2b$, and $2y$ bcrypt strings with cost 04 through 31.

Inputs stay in this browser session and are not saved to local storage.

Verification Result
Run verification to see whether the password matches the hash.
Ready to verify
Paste a bcrypt hash, enter the password you want to test, then choose Verify.

What It Does

Verify whether a plain text password matches a bcrypt password hash. This is useful when you are debugging login code, checking imported user records, or confirming that a password migration kept hashes compatible.

Accepted Input

Paste a standard bcrypt hash such as $2b$10$... and enter the password candidate you want to test. The verifier accepts $2a$, $2b$, and $2y$ prefixes with cost values from 04 through 31.

Reading The Result

A matching result means bcrypt accepted the password for that hash, including the salt and cost embedded in the hash string. A mismatch means the password did not verify; it does not prove that the hash itself is insecure. Invalid hash errors usually mean the prefix, cost, length, or bcrypt base64 characters are malformed.

Privacy And Security Notes

  • Verification runs locally in your browser.
  • Passwords and hashes are not stored in local storage.
  • bcrypt is designed for password storage, not general-purpose file checksums.
  • Use this tool for debugging and validation, not as the only audit of a production authentication system.