About .htpasswd & Basic Authentication
The .htpasswd file is used to store usernames and hashed passwords for HTTP Basic Authentication. It is the simplest way to protect a directory or application on web servers like Apache and Nginx without implementing a full database-backed login system.
Recommended: Bcrypt
Bcrypt is the most secure option available for .htpasswd. It is a slow, adaptive hashing algorithm that is resistant to brute-force and hardware-accelerated attacks. Most modern versions of Apache (2.4+) and Nginx support Bcrypt.
Compatibility: MD5 (APR1)
MD5 (APR1) is the Apache-specific variant of MD5. While faster than Bcrypt, it provides a random salt and 1000 rounds of hashing. Use this if you are on an older system that doesn't support Bcrypt, as it's still significantly better than plain MD5 or SHA-1.