HTPASSWD Generator
Generate Apache htpasswd entries for basic auth.
Frequently Asked Questions
What is an htpasswd file?
An .htpasswd file stores username and password pairs for Apache HTTP basic authentication. Each line contains a username and hashed password separated by a colon (user:$2y$10$hash...). The file is referenced by Apache's .htaccess or httpd.conf to protect directories or URLs with login prompts.
Which hashing algorithm should I choose?
Bcrypt ($2y$) is the most secure option and recommended for all new setups. Apache MD5 ($apr1$) is widely compatible but less secure. SHA-1 ({SHA}) and crypt() are legacy options — avoid them for new deployments. Bcrypt is supported in Apache 2.4+ and most modern reverse proxies.
How do I use the generated entry?
Copy the generated line (e.g., admin:$2y$10$...) into a file named .htpasswd on your server. Then point Apache at it by adding these directives to your .htaccess or virtual host config: AuthType Basic, AuthName "Protected", AuthUserFile /path/.htpasswd, Require valid-user.
Can I add multiple users to one file?
Yes — add one user:hash entry per line in the .htpasswd file. Generate each user's entry separately with this tool and append them to the file. Each user can have a different hashing algorithm, though using bcrypt for all is recommended for consistency and security.
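An audit of an existing .htpasswd file follows from the two answers above on hashing algorithms and on mixing them per user. The Python below is an added example, not part of this tool; it classifies each entry by its hash prefix and flags every entry that is not bcrypt at an acceptable cost. The verdict labels, the cost floor of 10 and the sample entries (filler hash bodies, not real hashes) are assumptions of the example.

```python
import re

# Entry formats named in the FAQ; the verdict labels are this example's own.
BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
APR1 = re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")
SHA1 = re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")
CRYPT = re.compile(r"^[./A-Za-z0-9]{13}$")
MIN_BCRYPT_COST = 10  # assumed policy floor, matching the $2y$10$ shown above

# Constructed sample: hash bodies are filler characters, not real hashes.
SAMPLE = "\n".join([
    "# staging users",
    "admin:$2y$10$" + "A" * 53,
    "deploy:$2y$04$" + "B" * 53,
    "legacy:$apr1$saltsalt$" + "C" * 22,
    "old:{SHA}" + "D" * 27 + "=",
    "ancient:" + "E" * 13,
    "broken-line-no-colon",
])

def classify(hash_field):
    """Return (scheme, verdict) for the text after the first colon."""
    m = BCRYPT.match(hash_field)
    if m:
        ok = int(m.group(1)) >= MIN_BCRYPT_COST
        return ("bcrypt", "ok" if ok else "low-cost")
    if APR1.match(hash_field):
        return ("apr1-md5", "less-secure")
    if SHA1.match(hash_field):
        return ("sha1", "legacy")
    if CRYPT.match(hash_field):
        return ("crypt", "legacy")
    return ("unknown", "review")

def audit(text):
    """Parse htpasswd content into (line_no, user, scheme, verdict) tuples."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((n, line, "malformed", "review"))
            continue
        findings.append((n, user, *classify(hash_field)))
    return findings

def needs_rehash(findings):
    """Users whose entry is anything other than bcrypt at an acceptable cost."""
    return [user for _, user, _, verdict in findings if verdict != "ok"]
```

Flagged users need a new entry generated from their password, since an existing hash cannot be converted to another algorithm.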
Is basic authentication secure?
HTTP basic auth transmits credentials encoded in Base64 (not encrypted) with every request. It is only secure over HTTPS, which encrypts the entire connection. For production use, always enable HTTPS. For stronger security, consider token-based authentication (OAuth2, JWT) instead of basic auth.