Before I started building auth into my own projects, I didn't think too deeply about what was happening to passwords behind the scenes. Like most developers, I installed a library, called a hash funct

freeCodeCamp is a nonprofit organization offering free online coding courses and programming tutorials, covering topics such as web development, data science, and machine learning. Learners can gain practical coding skills, build real-world projects, and earn certifications to advance their careers in tech.

freeCodeCamp

A practical explainer on what auth libraries do under the hood when handling passwords. Covers the difference between hashing and encryption, why plain hashes are insufficient due to rainbow tables and hash collisions, how salting solves those problems, and why bcrypt's deliberately slow cost factor matters for brute-force resistance. Breaks down the anatomy of a bcrypt hash string, showing how the algorithm version, cost factor, salt, and hash are all encoded together in one value.

What Your Auth Library Isn't Telling You About Passwords: Hashing and Salting Explained

Why bcrypt Is Slow (and Why That's the Point)