Yii2 Framework

Yii2 Framework ships with support for crypt() and ext/password via it's security component.


Yii2 security comes installed with a yii2 composer install, nothing special is required.


By default Yii2 uses crypt() for hashing, but if you have PHP >= 5.5.0 we recommend you use ext/password by adding the following in your config/web.php file.

return [
  'components' => [
    'security' => [
      'passwordHashStrategy' => 'password_hash'

For more security documentation please visit Yii2 Security - Passwords

Hashing passwords

$hash = Yii::$app->getSecurity()->generatePasswordHash($password);

Verifying a password

if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
  // all good, logging user in
} else {
  // wrong password