What is an htpasswd file?

It is a plain text file that stores usernames and hashed passwords for HTTP basic authentication. Each line is a username, a colon and the password hash. Apache and Nginx read it to decide who may access a protected page or directory, prompting visitors for a username and password.

Which algorithm should I choose?

APR1 is the salted MD5 scheme Apache created for htpasswd and is widely supported, including by Nginx. The {SHA} scheme is an unsalted SHA-1 hash that some older setups expect. APR1 is the safer default of the two because it is salted, so identical passwords do not produce identical hashes.

Is my password sent to a server?

No. The username, password and hash are all produced in your browser with a built-in implementation, so nothing you type leaves your device. That makes it safe to generate credentials for private servers, and it keeps working once the page has loaded.

htpasswd Generator

Create an htpasswd line for Apache or Nginx basic authentication. Enter a username and password, pick a hashing algorithm, and copy the ready-to-use user:hash line. Everything is generated in your browser and the password is never sent anywhere.

UsernamePassword

Algorithm

Enter a username and password to generate the htpasswd line.

Generated locally in your browser. The password is never sent anywhere.

How it works

1
Enter the credentials

Type the username and the password you want to protect a page or directory with.
2
Choose an algorithm

Pick APR1, the salted MD5 scheme Apache uses, or SHA-1 for the {SHA} format. A fresh random salt is used for APR1.
3
Copy the line

Copy the generated user:hash line and add it to your .htpasswd file, then point your server at that file.

Instant & 100% private — nothing is uploaded

Everything runs locally in your browser. Your code, text and files are processed on your own device and are never sent to a server — so there are no upload waits, no size limits from us, and nothing is ever stored or logged.

Frequently asked questions

What is an htpasswd file?: It is a plain text file that stores usernames and hashed passwords for HTTP basic authentication. Each line is a username, a colon and the password hash. Apache and Nginx read it to decide who may access a protected page or directory, prompting visitors for a username and password.
Which algorithm should I choose?: APR1 is the salted MD5 scheme Apache created for htpasswd and is widely supported, including by Nginx. The {SHA} scheme is an unsalted SHA-1 hash that some older setups expect. APR1 is the safer default of the two because it is salted, so identical passwords do not produce identical hashes.
Is my password sent to a server?: No. The username, password and hash are all produced in your browser with a built-in implementation, so nothing you type leaves your device. That makes it safe to generate credentials for private servers, and it keeps working once the page has loaded.

JSON Formatter & ValidatorBeautify, minify, validate JSON with a collapsible tree view.Code Formatter & MinifierPretty-print or minify JS, TS, CSS, HTML, JSON, SQL and more.YAML ⇄ JSON ⇄ TOML ConverterConvert config between YAML, JSON and TOML, both ways.JSON Schema Viewer & ValidatorRender a JSON Schema as a tree and validate data against it.Markdown Editor (Live Preview)Write Markdown with a live, side-by-side HTML preview.Mermaid Live EditorTurn Mermaid text into flowcharts and diagrams, live.

More from the Hivly network

Free sister tools on our other sites.

Color Palette GeneratorShuffle palettes with the spacebar, lock favourites, copy hex codes.Length ConverterMetres, feet, miles, inches, km and more, instantly.Word CounterCount words, characters, sentences and reading time live.

How it works

Enter the credentials

Choose an algorithm

Copy the line

Instant & 100% private — nothing is uploaded

Frequently asked questions

More tools

More from the Hivly network