Loading htpasswd Generator...
Create Apache / nginx .htpasswd entries with bcrypt, APR1 (MD5), crypt SHA-256/SHA-512, or SHA-1. Hashing runs entirely in your browser.
Strongest and recommended. Apache 2.4+ and nginx support it.
.htpasswd file (one user per line).Generate Apache and nginx .htpasswd entries with bcrypt, APR1 (Apache MD5), crypt SHA-256/SHA-512, or SHA-1. Hashing runs entirely in your browser.
An .htpasswd file stores the usernames and hashed passwords used for HTTP Basic Authentication in Apache and nginx. Each line is username:hash, where the hash format tells the server which algorithm to verify with. This generator produces those lines for every algorithm a server is likely to accept: bcrypt ($2y$), Apache APR1 MD5 ($apr1$), glibc crypt SHA-256 ($5$) and SHA-512 ($6$), and legacy SHA-1 ({SHA}). The password is hashed locally and never leaves your browser.
Input:
user: admin, password: secret, algorithm: bcrypt
Output:
admin:$2y$10$N9qo8uLOickgx2ZMRZoMy...
Which algorithm should I use?
bcrypt is the strongest and is supported by Apache 2.4+ and nginx. APR1 is the widely compatible classic default. Avoid SHA-1 and plaintext for anything internet-facing.
Why does the hash change every time I generate it?
These schemes use a random salt, so the same password yields a different hash each run. The server still verifies it correctly because the salt is embedded in the hash.
How do I add the entry to my server?
Append the generated username:hash line to your .htpasswd file (one user per line) and point Apache's AuthUserFile or nginx's auth_basic_user_file at it.
Is my password sent to a server?
No. All hashing happens in your browser; the password never leaves your device.