The problem Base64 solves
Computers store everything — photos, PDFs, emoji — as raw bytes. Many older systems, though, were built to carry only plain text. Sending raw bytes through them can corrupt the data, because some byte values are treated as special commands rather than content. Base64 fixes this by re-expressing any data using just 64 safe, printable characters that every text system understands.
How it works
Base64 uses an "alphabet" of 64 characters: A–Z, a–z, 0–9, plus + and /. The encoder takes the data 3 bytes (24 bits) at a time and splits those 24 bits into four 6-bit groups. Each 6-bit group (a value from 0 to 63) becomes one character from the alphabet. So every 3 bytes of input turn into 4 characters of output.
When the data does not divide evenly into groups of three, Base64 adds one or two = characters at the end as padding, so the length is always a multiple of four. Because 3 bytes become 4 characters, Base64 output is about 33% larger than the original data — a trade you accept in return for safe transport.
Where you see it every day
- Data URIs: small images embedded directly in a web page or CSS file as
data:image/png;base64,.... - Email attachments: the MIME standard uses Base64 to carry files inside plain-text email.
- JSON Web Tokens (JWTs): the parts of a login token are Base64url-encoded.
- APIs and config files that need to store binary data inside a text format.
You may also meet Base64url, a small variant that replaces + and / with - and _ so the result is safe to drop into a web address.
The important warning: it is not encryption
Base64 is encoding, not encryption. It hides nothing — anyone can decode it back to the original in one step, with no key or password. Never use Base64 to "protect" passwords, personal data or secrets. It only changes the format of data so it can travel safely, not its secrecy. For protection you need real encryption.
Try it yourself
The quickest way to understand Base64 is to watch it work. Type some text, see it become a Base64 string, then decode it straight back — all in your browser, with nothing sent to a server.
Frequently asked questions
- Is Base64 encryption?
- No. Base64 is encoding, not encryption. Anyone can decode it instantly without a key or password, so it provides no security. Use it only to change the format of data, never to protect secrets.
- Why does Base64 make data bigger?
- Because every 3 bytes of input become 4 output characters, Base64 increases size by about 33%. That overhead is the cost of using only safe, printable characters.
- What is the = sign at the end?
- It is padding. When the data does not divide evenly into 3-byte groups, Base64 adds one or two = characters so the encoded length is always a multiple of four.