Hash passwords with bcrypt and verify plain text against bcrypt hashes entirely in the browser. Configure the cost factor (work rounds) for tunable security. Never send passwords to a server — all processing is client-side.
Toolfy