Passwords settings

To enable or disable passwords, update your configuration file:

config.yml

selfservice:
  methods:
    password:
      enabled: true

BCrypt

Per default, passwords are hashed using BCrypt. You can configure the BCrypt hasher using the following options:

config.yml

hashers:
  algorithm: bcrypt

danger

BCrypt has a maximum length of 72 bytes for passwords. If a longer password is attempted to be used, an error will be returned to the user.

Bcrypt algorithm can be configured only by the following cost option (default value is 12):

config.yml

hashers:
  bcrypt:
    cost: 12

Argon2id

By default, Ory Identities uses BCrypt algorithm for password hashing. Use the following option to use the Argon2id algorithm:

config.yml

hashers:
  argon2:
    parallelism: 1
    memory: 128MB
    iterations: 3
    salt_length: 16
    key_length: 32

To determine the ideal parameters, head over to the setup guide.