Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Drupal 10.1 Users:
This is not the phpass module automatically installed on sites upgraded to ^10.1.
@see Documentation: Password Compatibility (phpass)
@see Change note: Password hashing is changed
@see Release note: https://www.drupal.org/project/drupal/releases/10.1.0
This module stores password hashes securely.
The default password hashes in Drupal 6 (and before) are rather insecure. MD5 is easy to crack, should an attacker find a database dump or gain access to your database. This module implements secure password hashes using the phpass password hashing method - multiple rounds of hashing and salting that make reversing the hash significantly more difficult to break by brute-force attack. This is the same approach that is used for Drupal 7.
The 1.x branches are unsupported.
The 2.x branches feature simplified code and only supports the portable password hashing mechanism backported from Drupal 7 core.
WARNING: after this module is installed and any user password's have been converted, you will not be able to uninstall
Supporting organizations:
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Security, Access Control
68 sites report using this module- Created by douggreen on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
