htpasswd Generator

Create a .htpasswd entry for HTTP basic auth on Nginx, Apache, Traefik, or Caddy. bcrypt is the default and the right choice. All hashing happens in your browser, so the password is never transmitted.

UsernamePasswordAlgorithm

Hashing runs entirely in your browser. The password is never sent anywhere. Paste the line into your .htpasswd file, one user per line.

How to use the line

Each entry is username:hash on its own line in a .htpasswd file. Point your server at that file: in Nginx with auth_basic_user_file, in a Traefik basicauth middleware, or in a Caddy basic_auth block. Add one line per user.

Use bcrypt. It is salted and deliberately slow, which is what you want for a stored credential. SHA-1 is here only for old setups that cannot do bcrypt; it is fast and unsalted, so avoid it for anything that matters.

Basic auth is a reasonable lock on an internal tool, but it is a single shared secret over whatever transport you use, so always put it behind HTTPS. For real user accounts and SSO, an auth proxy is the better tool.

Setting up the reverse proxy this protects? Nginx Proxy Manager vs Traefik and Caddy vs Nginx cover the options.