use bcrypt packgae to hash and compare passwords : hash : await bcrypt.hash(req.body.password,10) compare : await bcrypt.compare(req.body.password, db.passwordHash)