Tech blog and developer tools
Base64 is a binary-to-text encoding scheme that represents binary data using 64 printable ASCII characters (A-Z, a-z, 0-9, +, and /). It was first formally defined in RFC 1421 in 1993 for Privacy Enhanced Mail (PEM), though the concept dates back to the early days of email when systems could only handle 7-bit ASCII text and needed a way to transmit binary attachments.
Base64 encoding increases the data size by approximately 33% because every 3 bytes of input become 4 bytes of output. Despite this overhead, it remains essential for embedding binary data in text-based formats. Every email attachment you have ever sent was Base64-encoded under the hood using MIME.
Fun fact: the "=" padding characters at the end of Base64 strings exist because Base64 works in groups of 3 bytes. If the input is not divisible by 3, padding is added. One "=" means 2 bytes of real data in the last group, and "==" means just 1 byte. Some modern implementations like Base64url omit the padding entirely.
Data URIs use Base64 to embed images directly in HTML or CSS, like "data:image/png;base64,...". This eliminates extra HTTP requests but increases page size. Small icons and SVGs are commonly inlined this way for performance.
Standard Base64 uses + and / which are special characters in URLs. Base64url replaces them with - and _ to be URL-safe. JWTs use Base64url encoding, which is why you see hyphens and underscores in token strings.
A common misconception is that Base64 provides security. It does not. It is simply an encoding, like converting text to uppercase. Anyone can decode it instantly. Never use Base64 to "hide" passwords or sensitive data.
HTTP Basic Auth Base64-encodes the "username:password" string. This is why HTTPS is essential for Basic Auth, since without TLS, the credentials are trivially decoded by anyone intercepting the request.