Best way to protect your password in 2019 with PHP

Question

I'm just wondering what is the best way to encrypt your password with PHP in 2019. I'm using this method, but many people tell me that is an unsafe way now:

$password_protect = md5($_POST["password"]);

I did some research but I find only for 2017. So, what is the best way for that?

Thank you

[This](https://stackoverflow.com/questions/43864379/best-way-encrypt-password-php-in-2017) — upss1988, Feb 11 '19 at 10:26
Now days you need to hash the password and use a random salt — cmac, Feb 11 '19 at 10:27

Cliff Rono · Accepted Answer · 2019-02-11T10:38:06.440

Use password_hash().

Also check on password_verify().

PHP passwordhash()

And also check

password_verify()

Example:

$password = "ABCDabcd";

echo password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));

The example should output something like this:

$2y$12$N6FSH8yRo0YMQ4oPJHN1vOkv7GfK3OhVp22H/AjGoVLY.5Dm7ECYS

To verify: Say user input their password and you stored it in input variable;

$input = 'ABCDabcd';

$hashed_password = '$2y$12$N6FSH8yRo0YMQ4oPJHN1vOkv7GfK3OhVp22H/AjGoVLY.5Dm7ECYS';

if(password_verify($input,$hashed_password)){

echo 'password is valid';

}else{

echo 'Password is invalid';

}

This should return password is valid.

Yes, this makes sense. Thank you. – upss1988 Feb 12 '19 at 17:42 — upss1988, Feb 12 '19 at 17:42

Best way to protect your password in 2019 with PHP

1 Answers1