Secure passwords in Yii2 framework
Published: 2015-01-03

Recently I contributed a Yii2 framework solution to the project, and I wanted to share this here as well.

Yii2 Framework ships with support for crypt() and ext/password via its security component.


Yii2 security comes installed with a Yii2 composer install; nothing special is required.


By default Yii2 uses crypt() for hashing, but if you have PHP >= 5.5.0 we recommend you use ext/password by adding the following in your config/web.php file.

return [
  'components' => [
    'security' => [
      // use ext/password (password_hash()) instead of crypt()
      'passwordHashStrategy' => 'password_hash',
    ],
  ],
];

For more security documentation please visit Yii2 Security - Passwords

Hashing passwords

$hash = Yii::$app->getSecurity()->generatePasswordHash($password);

Verifying a password

if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
  // all good, logging user in
} else {
  // wrong password
}

- Yii2 Framework
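
As an added illustration (not code from the original post or from Yii2 itself), this plain-PHP sketch puts the two primitives mentioned above, crypt() and ext/password, side by side and shows that the bcrypt hashes they produce verify against each other. It assumes PHP 7 or later; the function names, the cost of 12 and the sample password are made up for the example.

```php
<?php
// Added example: plain PHP, no Yii2 needed. All names and values are illustrative.

const COST = 12; // bcrypt work factor chosen for this example

// crypt() route: the caller must build a valid bcrypt salt string.
function hashWithCrypt(string $password, int $cost = COST): string
{
    // bcrypt salts are 22 characters from the alphabet ./A-Za-z0-9
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // crypt() signals failure with a short marker string, so check the length
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

// crypt() route: re-hash with the stored hash as salt, compare in constant time.
function verifyWithCrypt(string $password, string $hash): bool
{
    $test = crypt($password, $hash);
    return is_string($test) && strlen($test) === 60 && hash_equals($hash, $test);
}

// ext/password route: salt generation and the comparison are handled for you.
function hashWithExtPassword(string $password, int $cost = COST): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

$password = 'correct horse battery staple'; // constructed sample input

$fromCrypt = hashWithCrypt($password);
$fromExt   = hashWithExtPassword($password);

// Both are 60-character "$2y$" bcrypt strings, so each side accepts the other's
// output and stored hashes stay valid when the strategy is switched.
var_dump(password_verify($password, $fromCrypt));
var_dump(verifyWithCrypt($password, $fromExt));
var_dump(password_verify('wrong password', $fromCrypt));

// ext/password can also report that a stored hash is below the current cost,
// which lets the application re-hash after a successful login.
var_dump(password_needs_rehash($fromCrypt, PASSWORD_BCRYPT, ['cost' => COST + 1]));
```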