fbutube.com
Menu

Creator Tools

Creator Tools HubAdd Play Button to ImageYouTube Thumbnail GrabberCustom YouTube ThumbnailMeme GeneratorAI Excuse GeneratorAdd Play Button to YouTube

Image Tools

Image Tools HubResize ImageCompress ImageConvert Image to WebPConvert JPG to PNGConvert PNG to JPGConvert WebP to JPGConvert WebP to PNGConvert Image to B&W

PDF Tools

PDF to Image (Hub)PDF to JPGPDF to PNGImage to PDF (Hub)JPG to PDFPNG to PDF

URL Tools

URL Shortener

Audio Tools

MP3 Cutter

Account

Laravel Password Generator

Generate Laravel-compatible bcrypt hashes with the $2y$ prefix.

Privacy First

Hashing is performed locally in your browser via JavaScript. Your plaintext password never touches our server.

1. Settings

Higher cost is slower but more secure. Laravel commonly uses 10–12 (config/hashing.php).

Laravel bcrypt ($2y$)

This tool normalizes the hash prefix to $2y$ to match Laravel output.

2. Generate Hash

3. Verify Hash

Laravel Code

use Illuminate\Support\Facades\Hash;

$hash = Hash::make('your-password');

// Verify
$ok = Hash::check('your-password', $hash);

Laravel bcrypt ($2y$) password hash generator

This Laravel bcrypt password hash generator creates hashes that are compatible with Laravel’s built-in authentication system. Laravel never stores your raw password; it stores a bcrypt hash (typically starting with the $2y$ prefix). Use this tool when you need a quick, correct hash for development, manual database fixes, or migrations.

Common use cases

  • Testing and development (seed a known login)
  • Creating a user manually (admin user setup)
  • Resetting a password directly in the database
  • Database seeding and fixtures
  • Fixing broken accounts after a migration

How to manually update a Laravel user password in MySQL

The typical reason developers search for a “Laravel password generator” is to set a password for an existing user row. The process is simple, but you must be careful, especially on production systems.

  1. Back up your database (or at least the users table) before editing anything.
  2. Generate a bcrypt hash using this page (or generate it inside Laravel using Hash::make).
  3. Update the user’s password column with the generated hash.
  4. Log in to confirm the new password works, then remove any temporary credentials.

Example query (replace the email and hash):

UPDATE users
SET password = '$2y$12$REPLACE_WITH_YOUR_HASH_HERE'
WHERE email = '[email protected]'
LIMIT 1;

If your app uses a different table or column name, update the query accordingly. If you use Laravel guards or a custom user provider, make sure you are updating the correct user model’s table.

Technical deep dive: $2a$, $2y$, and $2b$ bcrypt prefixes

Bcrypt hashes start with a version prefix that looks like $2a$, $2y$, or $2b$. All of them refer to the bcrypt algorithm, but the prefix indicates which variant/version the hash was produced by.

  • $2y$: The prefix produced by PHP’s password_hash (and therefore Laravel) for bcrypt.
  • $2b$: A modern prefix used by many other implementations and libraries.
  • $2a$: An older prefix you may still see in legacy systems.

In practice, bcrypt hashes with these prefixes share the same structure: version, cost, salt, and hash. Laravel will typically store hashes that begin with $2y$, so this tool normalizes the output prefix to match.

Why Laravel uses bcrypt (and why MD5/SHA1 is dangerous)

Bcrypt is designed for passwords: it is intentionally slow and includes a configurable cost factor. That slowness is a security feature because it makes brute-force guessing dramatically more expensive. In contrast, simple hashes like MD5 or SHA1 are fast and were designed for integrity checks, not password storage. Fast hashing makes it easier for attackers to try billions of guesses per second using GPUs.

The bcrypt cost (sometimes called “rounds”) controls how expensive hashing becomes. Many Laravel applications run with a cost of 10–12 by default, but the correct value depends on your server performance requirements. Increasing cost improves resistance to offline attacks, but it also increases CPU usage during login.

FAQ

Is this safe to use?

Yes. Hashing is executed locally in your browser, and your plaintext password is not sent to our server. Still, avoid using real production passwords on shared or untrusted devices.

Will this work with all Laravel versions?

It works for Laravel projects that use bcrypt for the password column (the common default). If your app uses Argon2 (argon2i/argon2id) or a custom hasher, use the algorithm your app is configured for in config/hashing.php.

Can I verify an existing hash?

Yes. Paste the hash and the plaintext password into the verifier above to check whether they match. This is helpful when debugging seeded users or confirming a manual update.