Password security is an important aspect of the web-based Employee Management Information System (SIMPEG) because this system contains user data and sensitive employee information. This study aims to compare the performance and security resilience of the Bcrypt, Argon2, and PBKDF2 algorithms using the SIMPEG authentication module. The method used is applied experimentation where the three algorithms are implemented in the registration and login processes, using a dataset of 200 synthetic passwords divided into four levels of complexity. Performance testing is based on hashing time, verification time, hash length, and resource usage. Security testing has been conducted with a dictionary attack simulation using Hashcat, NVIDIA RTX 3060 6 GB GPU, and a 5000-password wordlist. The test results show that the lowest hashing and verification times are for PBKDF2, which are 226.007 ms and 228.536 ms, followed by Bcrypt with 317.610 ms and 320.693 ms. Argon2 has the highest processing times with 1403.172 ms for hashing and 1198.050 ms for verification. However, Argon2 has the best resistance to dictionary attacks with a cracking time of 6 hours and 35 minutes and a hash rate of 19 H/s, better than Bcrypt and PBKDF2. Thus, Argon2 is recommended for SIMPEG with a higher priority on password security, while Bcrypt can be a more balanced alternative between security and performance.

M. A. Al Hilmi and R. K. Yunan, “Pengujian Keamanan Fitur Upload File pada Sistem Aplikasi Web,” J. Inform. J. Pengemb. IT, vol. 7, no. 1, pp. 37–42, 2022, doi: 10.30591/jpit.v7i1.3336.

S. Erdi, P. Sohidin, H. Prasetyo Utomo, and A. Ahmadi, “Penerapan Algoritma Bcrypt untuk Pengamanan Password pada Sistem Informasi Akademik (SIAK) (Studi Kasus : Universitas Langlangbuana),” J. Infosecure, vol. 6, no. 2, pp. 1–5, 2025.

M. Adri Ramadhan, D. Saputra, D. Iskandar Mulyana, S. Tinggi Ilmu Komputer Cipta Karya Informatika, and D. Jakarta, “Pencegahan Serangan Berbasis Kata Sandi: Studi Komprehensif Tentang Implementasi Hash Pada Aplikasi Web Prevention of Password-Based Attacks: a Comprehensive Study of Hash Implementation in Web Applications,” J. Inf. Technol. Comput. Sci., vol. 7, no. 3, pp. 920–925, 2024.

S. C., R. J., and R. R., “Accelerated and Intelligent Password Cracking with Performance Optimization,” Proc. 1st Int. Conf. Res. Dev. Information, Commun. Comput. Technol. (ICRDICCT 2025), vol. 4, pp. 741–749, 2025, doi: 10.5220/0013920100004919.

V. Fedorchenko, O. Yeroshenko, O. Shmatko, O. Kolomiitsev, and M. Omarov, “Password Hashing Methods and Algorithms on the .NET Platform,” Adv. Inf. Syst., vol. 8, no. 4, pp. 82–92, 2024, doi: 10.20998/2522-9052.2024.4.11.

R. M. Liauren, B. Zaman, and S. Bahri, “Implementasi Algoritma Aes Dan Bcrypt Untuk Pengamanan Data Pengguna Pada Website Jahitku,” KHARISMA Tech, vol. 20, no. 1, pp. 57–71, 2025, doi: 10.55645/kharismatech.v20i1.535.

N. A. Y. -, D. Kiswanto, S. Davina, and A. D. Sitepu, “Simulasi Hashing Password Menggunakan Argon2 Dan Scrypt Serta Pengembangan Fitur Logging Jaringan Real-Time Berbasis Website,” J. Inform. dan Tek. Elektro Terap., vol. 14, no. 1, pp. 8–17, 2026, doi: 10.23960/jitet.v14i1.8183.

T. P. Batubara, S. Efendi, and E. B. Nababan, “Analysis Performance BCRYPT Algorithm to Improve Password Security from Brute Force,” J. Phys. Conf. Ser., vol. 1811, no. 1, p. 012129, 2021, doi: 10.1088/1742-6596/1811/1/012129.

N. A. A. Mustafa, “Analysis attackers’ methods with hashing secure password using CSPRNG and PBKDF2,” Wasit J. Eng. Sci., vol. 12, no. 2, pp. 60–70, 2024, doi: 10.31185/ejuow.vol12.iss2.502.

P. Tippe and M. P. Berner, “Evaluating Argon2 Adoption and Effectiveness in Real-World Software,” Lect. Notes Comput. Sci., vol. 15993 LNCS, pp. 25–46, 2025, doi: 10.1007/978-3-032-00627-1_2.

S. Eum, H. Kim, M. Song, and H. Seo, “Optimized Implementation of Argon2 Utilizing the Graphics Processing Unit,” Appl. Sci., vol. 13, no. 16, 2023, doi: 10.3390/app13169295.

I. Listiawan, Z. Zaidir, S. Winardi, and M. Diqi, “Optimising Bcrypt Parameters: Finding the Optimal Number of Rounds for Enhanced Security and Performance,” Compiler, vol. 13, no. 1, pp. 1–10, 2024, doi: 10.28989/compiler.v13i1.2111.

A. A. S. AlQahtani, “Key Derivation: A Dynamic PBKDF2 Model for Modern Cryptographic Systems,” Cryptography, vol. 9, no. 2, p. 39, 2025, doi: 10.3390/cryptography9020039.

D. Febrian et al., “Implementation of Bcrypt Algorithm on Website-Based Hashing Generator Using Laravel Framework,” J. Inf. Syst. Informatics Comput., vol. 7, no. 2, p. 199, 2023, doi: 10.52362/jisicom.v7i2.1130.

K. Nur, D. Suhartono, M. Thoriq, and A. Qothrunnada, “Implementasi Pengamanan Data Menggunakan Teknik Bcrypt Hashing Password dan Algoritma Advanced Encryption Standard ( AES ) Implementation of Data Security Using Bcrypt Hashing Password Technique and Advanced Encryption Standard ( AES ) Algorithm,” J. Sist. dan Teknol. Inf., vol. 13, no. 1, pp. 101–108, 2025, doi: 10.26418/justin.v13i1.84997.

R. Patra and S. Patra, “Cryptography: A Quantitative Analysis of the Effectiveness of Various Password Storage Techniques,” J. Student Res., vol. 10, no. 3, pp. 1–14, 2021, doi: 10.47611/jsrhs.v10i3.1764.

R. Khande, S. Ramaswami, C. Naidu, and N. Patel, “An Effective Mechanism for Securing and Managing Password Using Aes-256 Encryption & Pbkdf2,” Int. J. Electr. Eng. Technol., vol. 12, no. 5, pp. 1–7, 2021, doi: 10.34218/ijeet.12.5.2021.001.

I. Alkhwaja et al., “Password Cracking with Brute Force Algorithm and Dictionary Attack Using Parallel Programming,” Appl. Sci., vol. 13, no. 10, p. 5979, 2023, doi: 10.3390/app13105979.

P. Bagane, M. Sable, A. Panicker, A. Ansh, and O. A. Jebessa, “Passcrack: Cracking, hashing, and strength testing for a secure digital future,” Int. J. Smart Sens. Intell. Syst., vol. 18, no. 1, pp. 1–18, 2025, doi: 10.2478/ijssis-2025-0024.

N. R. Rajeswari, R. Buduri, K. Santhi, B. S. Kumar, D. K. S. Rao, and D. K. Pulluru, “Securing Passwords: An Approach Inculcating Argon2 and Three-Fish Algorithm,” Int. J. Eng. Adv. Technol., vol. 14, no. 4, pp. 30–35, 2025, doi: 10.35940/ijeat.d4582.14040425.

R. S. Giffary and E. Ramadhani, “Implementasi Bcrypt dengan SHA-256 pada Password Pengguna Aplikasi Golek Kost,” J. Sist. Komput. dan Inform., vol. 3, no. 4, p. 543, 2022, doi: 10.30865/json.v3i4.4285.

D. S. Rachmad, “Penerapan Algoritma Bcrypt untuk Enkripsi Password pada Aplikasi Absensi Pegawai Menggunakan QR Code pada CV RSA Mandiri,” INOMATEC J. Inov. dan Kaji. Multidisipliner Kontemporer, vol. 01, no. 04, pp. 665–672, 2026, doi: 10.70294/ino1087.

B. Pal et al., “Might I Get Pwned: A Second Generation Compromised Credential Checking Service,” Proc. 31st USENIX Secur. Symp. Secur. 2022, pp. 1831–1848, 2022.

R. Dafi Al Azhar and I. Sholihah Widiati, “Evaluasi Keamanan Penyimpanan Password Menggunakan Algoritma Hash: MD5, SHA-1, dan Bcrypt,” Pros. Semin. Nas. Teknol. Inf. dan Bisnis, pp. 1302–1305, 2025, doi: 10.47701/q885nj69.

N. T. Jehian et al., “Pengembangan Sistem Keamanan Data Berbasis Web Menggunakan Kombinasi Algoritma ChaCha20-Poly1305 dan Argon2,” JITET (Jurnal Inform. dan Tek. Elektro Terapan), vol. 13, no. 3S1, pp. 1958–1968, 2025, doi: 10.23960/jitet.v13i3S1.8151.

M. Q. Syahputra, D. R. Akbi, and D. Risqiwati, “Deteksi Dan Mitigasi Serangan DDoS Pada Software Defined Network Menggunakan Algoritma Decision Tree,” J. Repos., vol. 2, no. 11, p. 1491, 2020, doi: 10.22219/repositor.v2i11.795.