{"id":3750,"library":"pwdlib","title":"pwdlib: Modern Password Hashing for Python","description":"pwdlib is a modern password hashing library for Python, providing an easy-to-use wrapper to hash and verify passwords with secure algorithms like Argon2 and Bcrypt. It aims to be an alternative to `passlib`, which has seen reduced maintenance. The current version is 0.3.0, and it maintains an active development status, with updates released as needed.","status":"active","version":"0.3.0","language":"en","source_language":"en","source_url":"https://github.com/frankie567/pwdlib","tags":["password hashing","security","cryptography","authentication","argon2","bcrypt"],"install":[{"cmd":"pip install 'pwdlib[argon2]'","lang":"bash","label":"Recommended installation with Argon2 support"},{"cmd":"pip install 'pwdlib[bcrypt]'","lang":"bash","label":"Installation with Bcrypt support"},{"cmd":"pip install pwdlib","lang":"bash","label":"Minimal installation (no default hashers)"}],"dependencies":[{"reason":"Provides Argon2 hashing algorithm support (used by 'argon2' extra and recommended hasher).","package":"argon2-cffi","optional":true},{"reason":"Provides Bcrypt hashing algorithm support (used by 'bcrypt' extra).","package":"bcrypt","optional":true}],"imports":[{"symbol":"PasswordHash","correct":"from pwdlib import PasswordHash"}],"quickstart":{"code":"from pwdlib import PasswordHash\n\n# Get a PasswordHash instance with recommended hashers (currently Argon2)\npassword_hash = PasswordHash.recommended()\n\n# Hash a password\nhashed_password = password_hash.hash(\"mysecretpassword\")\nprint(f\"Hashed password: {hashed_password}\")\n\n# Verify a password\nis_valid = password_hash.verify(\"mysecretpassword\", hashed_password)\nprint(f\"Password is valid: {is_valid}\")\n\n# Verify and update (if hasher or hash needs upgrade)\nis_valid_and_updated, new_hash = password_hash.verify_and_update(\"mysecretpassword\", hashed_password)\nprint(f\"Password valid and potentially updated: {is_valid_and_updated}, New hash: {new_hash}\")","lang":"python","description":"This quickstart demonstrates how to initialize the recommended password hashing configuration, hash a plain-text password, and then verify it. It also shows the `verify_and_update` method for automatic hash upgrades."},"warnings":[{"fix":"Upgrade your Python environment to version 3.10 or higher.","message":"Python 3.9 is no longer supported as of version 0.3.0. Users on Python 3.9 must upgrade their Python version to 3.10 or later.","severity":"breaking","affected_versions":">=0.3.0"},{"fix":"Update calls to `verify(password, hash)` and `verify_and_update(password, hash)`. For example, `password_hash.verify(old_hash, 'password')` should become `password_hash.verify('password', old_hash)`.","message":"In version 0.2.0, the argument order for `PasswordHash.verify()` and `PasswordHash.verify_and_update()` methods was reversed. The password is now the *first* argument, and the hash is the *second* argument, for consistency with `passlib`'s API. [cite: original text]","severity":"breaking","affected_versions":">=0.2.0"},{"fix":"Review `pwdlib`'s documentation for supported features and algorithms. If migrating from `passlib`, be aware of potential incompatibilities, especially with older hash formats or custom `CryptContext` configurations.","message":"`pwdlib` is not a direct, drop-in replacement for `passlib`. While inspired by `passlib`, it focuses on modern algorithms (Argon2, Bcrypt) and does not support many legacy hashing algorithms or advanced `CryptContext` features found in `passlib`.","severity":"gotcha","affected_versions":"all"},{"fix":"To use custom hashers, import them (e.g., `from pwdlib.hashers.bcrypt import BcryptHasher`) and instantiate `PasswordHash` explicitly: `password_hash = PasswordHash((BcryptHasher(),))`.","message":"The `PasswordHash.recommended()` method currently defaults to Argon2. If you need to explicitly use Bcrypt or a different configuration of hashers, you must instantiate `PasswordHash` with a sequence of `HasherProtocol` objects.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}