Skip to main content

Passwords

To enable or disable passwords, update your configuration file:

config.yml
selfservice:
methods:
password:
enabled: true

BCrypt

Per default, passwords are hashed using BCrypt. You can configure the BCrypt hasher using the following options:

config.yml
hashers:
algorithm: bcrypt
danger

BCrypt has a maximum length of 72 bytes for passwords. If a longer password is attempted to be used, an error will be returned to the user.

Bcrypt algorithm can be configured only by the following cost option (default value is 12):

config.yml
hashers:
bcrypt:
cost: 12

Argon2id

By default, Ory Identities uses BCrypt algorithm for password hashing. Use the following option to use the Argon2id algorithm:

config.yml
hashers:
argon2:
parallelism: 1
memory: 128MB
iterations: 3
salt_length: 16
key_length: 32

To determine the ideal parameters, head over to the setup guide.