accounts-password package adds secure password-based authentication to Meteor applications, supporting both bcrypt and Argon2 password hashing.
Installation
accounts-base.
Overview
The accounts-password package provides:- Secure password hashing with bcrypt or Argon2
- User creation with email/username and password
- Password reset and change functionality
- Email verification
- Enrollment emails for new users
- Account lockout after failed attempts (with rate limiting)
Package Information
- Version: 3.2.2
- Summary: Password support for accounts
- Dependencies:
accounts-base,sha,email,random,check - NPM packages:
bcrypt@5.0.1,argon2@0.41.1
Password Hashing
Bcrypt (Default)
By default, passwords are hashed using bcrypt:Argon2 (Recommended)
Argon2 is the modern password hashing algorithm that won the Password Hashing Competition in 2015. It’s recommended for new applications.
Enable Argon2 password hashing instead of bcrypt
Argon2 variant:
argon2i (optimized for password hashing), argon2d (optimized for cryptocurrencies), or argon2id (hybrid, recommended)Number of iterations (higher = more secure, slower)
Memory usage in KiB (higher = more secure, more memory)
User Creation
Client-Side
Server-Side
Login
With Email
With Username
With Username or Email
Password Management
Change Password
Set Password (Server)
Password Reset
Request Reset
Reset with Token
Email Verification
Send Verification Email
Verify Email with Token
Auto-send on Registration
Email Templates
Customize the emails sent by accounts-password:User Enrollment
Security Configuration
Restrict Account Creation
Token Expiration
Ambiguous Error Messages
Enable ambiguous errors to prevent user enumeration attacks.
Rate Limiting
The package automatically usesddp-rate-limiter to prevent brute force attacks: