Why can't I just use SHA-256 for password hashing?

SHA-256 is a general-purpose hash designed to be fast. That speed is a vulnerability for passwords — attackers can compute billions of SHA-256 hashes per second on modern GPUs. Password-specific algorithms like bcrypt, Argon2, and PBKDF2 are intentionally slow (configurable work factor), making brute-force attacks computationally infeasible.

What is password entropy and how is it calculated?

Password entropy measures the unpredictability of a password in bits. It's calculated as: entropy = log₂(characters^length). A random 12-character password using lowercase, uppercase, digits, and symbols (94 characters) has about 78 bits of entropy. Higher entropy means more guesses needed to crack it. 80+ bits is considered very strong.

What is the difference between bcrypt and Argon2?

Both are password hashing algorithms, but Argon2 (winner of the 2015 Password Hashing Competition) is more modern. bcrypt uses a CPU-hard work factor; Argon2 adds memory-hardness, making it resistant to GPU and ASIC attacks. Argon2id (hybrid variant) is the current recommendation for new applications, though bcrypt remains secure and widely supported.

How long should a password be to be secure?

Minimum 12 characters for important accounts, 16+ for high-security accounts. Length matters more than complexity: a random 16-character lowercase password (75 bits entropy) is stronger than a random 8-character password with symbols (52 bits). Passphrases of 4-5 random words (e.g., 'correct horse battery staple') offer both security and memorability.

Password Security Guide: Entropy, Hashing & Best Practices for Developers

Q: What is a salt in password hashing?

A salt is a random value (typically 16-32 bytes) unique to each password that's combined with the password before hashing. It ensures that identical passwords produce different hashes, defeating precomputed rainbow table attacks. Both bcrypt and Argon2 handle salting automatically — you don't need to manage it separately.

Security 12 min read April 2026

In 2024, "123456" was still the most common password worldwide. But even a strong password is only as secure as how it's stored. This guide covers password security from both sides — generating strong passwords and storing them safely as a developer.

Password Entropy: Measuring Strength

Entropy quantifies how unpredictable a password is, measured in bits:

Entropy = log₂(character_pool ^ length)

Character Set	Pool Size	8 chars	12 chars	16 chars
Lowercase only	26	37 bits	56 bits	75 bits
Lower + Upper	52	46 bits	68 bits	91 bits
Lower + Upper + Digits	62	48 bits	71 bits	95 bits
All printable ASCII	94	52 bits	78 bits	105 bits

💡 Key insight: Length beats complexity. A 16-character lowercase password (75 bits) is stronger than an 8-character password with every character type (52 bits). Always prioritize length.

How Passwords Should Be Stored

Never store passwords in plain text or with reversible encryption. The correct approach is one-way hashing with a salt:

Generate a unique random salt (16-32 bytes) for each password
Hash: stored_hash = hash_function(salt + password)
Store the salt and hash together (most algorithms handle this automatically)
To verify: recompute the hash with the same salt and compare

Password Hashing Algorithms Compared

Algorithm	CPU-Hard	Memory-Hard	Parallelism Resistance	Recommendation
Argon2id	✅	✅	✅	Best choice for new applications
bcrypt	✅	❌	Moderate	Excellent, widely supported
scrypt	✅	✅	✅	Good alternative to Argon2
PBKDF2	✅	❌	❌	NIST-approved, but vulnerable to GPU attacks
SHA-256	❌	❌	❌	Never use for passwords
MD5	❌	❌	❌	Broken — never use

Why General-Purpose Hashes Fail for Passwords

SHA-256 can compute billions of hashes per second on a modern GPU. An 8-character password using all printable ASCII (52 bits of entropy) can be brute-forced in under 24 hours. Password-specific algorithms add a configurable work factor that makes each hash computation intentionally expensive:

bcrypt with cost factor 12: ~250 ms per hash → brute-forcing 52-bit password takes centuries
Argon2id with 64 MB memory, 3 iterations: ~500 ms per hash, plus requires 64 MB RAM per attempt

Salting: Why Every Password Needs Its Own

Without salts, identical passwords produce identical hashes. An attacker with a stolen database can:

Use precomputed rainbow tables to instantly reverse common password hashes
Identify users sharing the same password (they'll have the same hash)
Crack one password and compromise all accounts using it

A unique salt per password defeats all of these attacks. Both bcrypt and Argon2 handle salting automatically — the salt is embedded in the output string.

Password Generation Best Practices

Use a cryptographically secure random number generator — crypto.getRandomValues() in browsers, secrets module in Python, SecureRandom in Java
Never use Math.random() for security purposes — it's not cryptographically secure
Minimum 12 characters for standard accounts, 16+ for high-security
Passphrases work — 4-5 random dictionary words provide both high entropy and memorability
Avoid patterns — "Password1!" meets most complexity requirements but is trivially crackable

Common Password Security Mistakes

Storing passwords in plain text — any database breach exposes all credentials
Using MD5 or SHA-1 — both are computationally broken for password use
Enforcing maximum length limits — if you're hashing, the input length doesn't affect storage
Requiring frequent password changes — NIST no longer recommends this; it leads to weaker passwords
Blocking paste in password fields — this discourages password manager use
Rolling your own crypto — use established libraries (bcryptjs, argon2, passlib)

Frequently Asked Questions

SHA-256 is designed to be fast — attackers can compute billions of hashes per second. Password-specific algorithms like bcrypt and Argon2 are intentionally slow, making brute-force attacks computationally infeasible.

Entropy measures unpredictability in bits: entropy = log₂(characters^length). A 12-character password with all printable ASCII has ~78 bits of entropy. 80+ bits is considered very strong.

Both are password hashing algorithms. Argon2 is more modern and adds memory-hardness, making it resistant to GPU and ASIC attacks. Argon2id is recommended for new applications; bcrypt remains secure and widely supported.

A salt is a random value unique to each password that ensures identical passwords produce different hashes, defeating rainbow table attacks. bcrypt and Argon2 handle salting automatically.

Minimum 12 characters for important accounts, 16+ for high-security. Length matters more than complexity — a 16-character lowercase password is stronger than an 8-character one with symbols.

Generate a strong password

Open Password Generator →