The default password hashing algorithm was switched to argon2id in Drupal 12. For the rare case where this is not desirable - or argon2 is not available - it can be switched to the PHP default algorithm (bcrypt) using kernel parameters.
Find available hashing algorithms
Run this command on your server:
php -r 'echo implode("\n", password_algos()) . "\n";'
The output should be something like this:
2y
argon2i
argon2id
The value "2y" corresponds to bcrypt; "argon2i" and "argon2id" correspond to argon2.
Custom services.yml example
In settings.php, look for this line:
$settings['container_yamls'][] = DRUPAL_ROOT . '/sites/default/services.yml';
If it is not there, then add it. You can use a different path if you like.
Edit or create the file services.yml as specified in settings.php. Add two new parameters. In most cases you won't need to add password.options as the default options will suffice.
parameters:
# Can be argon2i, argon2id or 2y (bcrypt). Setting to NULL (~) will use PASSWORD_DEFAULT.
# See https://www.php.net/password_hash
password.algorithm: ~ # 👈️ Parameter 1
# Options passed to password_hash. See https://www.php.net/password_hash
password.options: [] # 👈️ Parameter 2 - optional
By default, Drupal 12.0.0 uses password.algorithm: argon2id. Instead of argon2id or ~, you can use any available hashing algorithm. (See the previous section.) If you have particular requirements for password hashing, then you can set password.options as needed.
