What does it do?
Passlib takes a password a user types in and transforms it into a scrambled, one-way version that’s stored instead of the actual password, then checks a future login attempt against that scrambled version without ever needing to store the real password anywhere. It supports more than thirty different hashing schemes, functioning like a locksmith who can work with whichever type of lock a building already has installed, rather than forcing every door to use the same mechanism. This flexibility made it especially useful for handling old systems, letting a company upgrade a password’s protection the next time a user logs in without disrupting anyone. It also includes tools to help pick sensible, secure default settings for beginners.
See it in action
This scrambles a password into a secure, unreadable form suitable for storage, then checks whether a later password attempt matches the original.
from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
hashed = pwd_context.hash("mypassword")
print(pwd_context.verify("mypassword", hashed))
Why would a non-developer care?
This is the layer of software that means a company storing your password securely never actually has your real password sitting in their database, only an irreversible scrambled version. That distinction is exactly why a data breach at a well-run company doesn’t have to mean your actual password gets exposed.
Real-world examples
Passlib became a go-to choice for Python web applications during the 2010s that needed to support many different hashing schemes at once, particularly when migrating legacy user databases to a stronger hashing method. The project has been in more of a maintenance mode recently, with some newer projects favoring narrowly focused libraries like bcrypt or argon2-cffi directly.
Who uses it
Backend developers handling user authentication systems, especially those maintaining older applications with mixed or legacy password-hashing schemes.
How it compares to alternatives
Unlike bcrypt, which implements exactly one hashing algorithm very well, Passlib is a broader framework supporting dozens of schemes at once, trading some simplicity for flexibility; many newer projects choose a single focused library instead.