Password Management
Every application must store passwords using a cryptographic hashing technique rather than in plain text. FoalTS provides two functions to hash and verify passwords.
Hash and Salt Passwords
The hashPassword utility uses the PBKDF2 algorithm with a SHA256 hash. It takes as parameters the password in plain text and an optional options object. It returns a promise whose value is the password hash.
The function generates a unique, cryptographically strong random salt for each password. This salt is returned together with the password hash, so it does not need to be stored separately.
import { hashPassword } from '@foal/core';
const passwordHash = await hashPassword(plainTextPassword);
Verify Passwords
The verifyPassword utility takes the following arguments:
- the password to check in plain text,
- the password hash (usually fetched from the database).
It returns a promise whose value is true if the password matches the hash and false otherwise.
import { verifyPassword } from '@foal/core';
const isEqual = await verifyPassword(plainTextPassword, passwordHash);
Forbid Overly Common Passwords
To prevent users from choosing very weak passwords such as 123456 or password, you can call the isCommon function. This utility checks whether the given password is part of the 10000 most common passwords listed here. The function lives in a separate package:
npm install @foal/password
import { isCommon } from '@foal/password';
const isPasswordTooCommon = await isCommon(password);
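The example below, added here and not part of FoalTS, shows what the hash-and-verify functions and the common-password check described above do under the hood: a PBKDF2-SHA256 derivation with a fresh random salt stored beside the hash, a constant-time verification, and a gate against a constructed list of common passwords. It uses Node's built-in crypto module and synchronous calls for brevity; the string layout, iteration count and the helper names are assumptions, not the framework's own format.

```typescript
import { pbkdf2Sync, randomBytes, timingSafeEqual } from 'crypto';

const ITERATIONS = 100_000; // cost factor; assumed value for this example
const KEY_LENGTH = 32;      // derived-key size in bytes (SHA-256 output size)
const DIGEST = 'sha256';

// Constructed stand-in for the 10000 most common passwords shipped with @foal/password.
const COMMON_PASSWORDS = new Set(['123456', 'password', 'qwerty', 'letmein']);

export function isCommonPassword(password: string): boolean {
  return COMMON_PASSWORDS.has(password);
}

// Hash a plain-text password. Every call draws a new 16-byte random salt,
// so two users with the same password end up with different hashes.
export function hashPassword(plain: string): string {
  const salt = randomBytes(16);
  const key = pbkdf2Sync(plain, salt, ITERATIONS, KEY_LENGTH, DIGEST);
  // Algorithm, iterations and salt travel with the hash so that verification
  // can recompute the derivation even after ITERATIONS is raised for new users.
  return `pbkdf2_sha256$${ITERATIONS}$${salt.toString('base64')}$${key.toString('base64')}`;
}

// Verify a plain-text password against a stored hash string.
export function verifyPassword(plain: string, stored: string): boolean {
  const [algo, iterStr, saltB64, keyB64] = stored.split('$');
  const iterations = Number(iterStr);
  if (algo !== 'pbkdf2_sha256' || !Number.isInteger(iterations) || iterations < 1
      || !saltB64 || !keyB64) {
    return false; // malformed or unsupported hash: reject instead of throwing into the login path
  }
  const expected = Buffer.from(keyB64, 'base64');
  const actual = pbkdf2Sync(plain, Buffer.from(saltB64, 'base64'),
                            iterations, expected.length, DIGEST);
  // Constant-time comparison so the check does not leak how many bytes matched.
  return timingSafeEqual(actual, expected);
}
```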