Password Hashing Best Practices: bcrypt vs Argon2

Explain best practices for storing passwords securely.

What NOT to Do

  • Store passwords in plaintext
  • Use MD5 or SHA-1 directly (too fast, vulnerable to rainbow tables and brute force)
  • Hash without a salt

Correct Approach

Use Adaptive Hashing Algorithms

bcrypt: Built-in salting, adjustable work factor to tune computation cost. Widely used.

Argon2: Winner of the 2015 Password Hashing Competition. Memory-hard, resistant to GPU-accelerated attacks. Recommended for new systems.

Salting

Use a unique random salt per password to prevent rainbow table attacks and ensure identical passwords produce different hashes.

Work Factor

Periodically increase the cost factor as hardware improves to keep brute-force attacks expensive.
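
The salting and work-factor points above, shown as an added example that is not part of the original page. It stores the salt and cost parameters inside each record and upgrades old records at login. Assumptions: scrypt from Python's standard library stands in for bcrypt/Argon2 (which need third-party packages), and the record format, function names, and cost values are illustrative.

```python
import base64
import hashlib
import hmac
import os

# Assumption: stdlib scrypt stands in for bcrypt/Argon2; cost values are illustrative.
CURRENT_COST = {"n": 2**14, "r": 8, "p": 1}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, cost: dict = CURRENT_COST) -> str:
    """Return 'scrypt$n$r$p$salt$digest' using a fresh random salt."""
    salt = os.urandom(16)  # unique per password, so equal passwords differ
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **cost)
    return "$".join(["scrypt", str(cost["n"]), str(cost["r"]), str(cost["p"]),
                     _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the salt and cost read from the record."""
    try:
        scheme, n, r, p, salt_b64, digest_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hashlib.scrypt(password.encode(), salt=salt, n=int(n),
                                r=int(r), p=int(p), dklen=len(expected))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(stored: str, cost: dict = CURRENT_COST) -> bool:
    """True when the record's cost settings differ from the current policy."""
    _, n, r, p = stored.split("$")[:4]
    return (int(n), int(r), int(p)) != (cost["n"], cost["r"], cost["p"])


def login(password: str, stored: str):
    """Return (ok, record_to_store); the record is upgraded on success."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored):
        stored = hash_password(password)  # plaintext is only available at login
    return True, stored
```

Because the cost is stored per record, raising `CURRENT_COST` does not invalidate existing hashes; each one is replaced the next time its owner signs in.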

Copyright © 2026 Wood All Rights Reserved · FE Interview Hub