Base64 encoding explained: what it is and when to use it

5 min read · Updated May 24, 2026

Base64 turns binary data into plain ASCII text so it can travel safely through systems that only handle text — emails, URLs, JSON, data URIs. It is encoding, not encryption. Here is how it works and where it bites.

How Base64 works

Base64 takes 3 bytes (24 bits) of input and rewrites them as 4 characters (6 bits each) drawn from a 64-symbol alphabet: A–Z, a–z, 0–9, +, and /. The = character pads the end when the input is not a multiple of 3 bytes.

Because 3 bytes become 4 characters, Base64 output is roughly 33% larger than the input. Encode and decode strings in the Base64 tool.

Standard vs URL-safe Base64

The + and / characters have special meaning in URLs. URL-safe Base64 swaps them for - and _, and usually drops the = padding. This is the variant used inside JWTs.

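// Convert standard Base64 to URL-safe: + becomes -, / becomes _, trailing = padding is removed
const standard = 'Pj4+Pz8/PA=='  // sample standard Base64 input
const urlSafe = standard.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')  // 'Pj4-Pz8_PA'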

Encoding is not security

Base64 is reversible by anyone, instantly. It hides nothing. Never use it to "protect" passwords, tokens, or PII — that is what hashing and encryption are for.

Common gotchas

  • Unicode: btoa() throws on characters outside Latin1. Encode to UTF-8 first (encodeURIComponent + unescape, or TextEncoder now that unescape is deprecated), or use a tool that handles it.
  • Data URIs: embedding an image as data:image/png;base64,... avoids an HTTP request but inflates HTML — see the Image to Base64 tool.
  • Whitespace: copied Base64 sometimes contains newlines. Strip them before decoding.
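
The helpers below are an added example, not code from the original page. They combine the URL-safe conversion, the Unicode and whitespace gotchas, and the point that encoding is not secrecy; the function names and the JWT-style sample payload are constructed for illustration.

```javascript
// Added example: UTF-8-safe Base64 / base64url helpers using only browser and Node globals.

// Encode any JS string: convert to UTF-8 bytes first, then btoa() a Latin1 "binary string".
function encodeBase64(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Standard -> URL-safe: swap + and /, drop = padding (same transform as the page's snippet).
function toUrlSafe(standard) {
  return standard.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode standard or URL-safe input, tolerating pasted whitespace and missing padding.
function decodeBase64(input) {
  let s = input.replace(/\s+/g, '').replace(/-/g, '+').replace(/_/g, '/').replace(/=+$/, '');
  if (!/^[A-Za-z0-9+/]*$/.test(s)) throw new Error('not Base64');
  if (s.length % 4 === 1) throw new Error('invalid Base64 length');
  s += '='.repeat((4 - (s.length % 4)) % 4); // restore the padding atob() expects
  const bytes = Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
  // fatal: true rejects bytes that are not valid UTF-8 instead of silently replacing them
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Constructed sample: a JWT-style payload segment (base64url of a JSON object).
const samplePayload = toUrlSafe(
  encodeBase64(JSON.stringify({ sub: 'alice', note: 'héllo 👋' }))
);

// No key is involved: anyone holding the segment can read the claims.
function readClaims(segment) {
  return JSON.parse(decodeBase64(segment));
}
```

Treat anything placed in a Base64 or base64url field as readable by whoever receives it; confidentiality has to come from encryption applied before encoding.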

Frequently asked questions

Does Base64 encrypt my data?
No. Base64 is a reversible encoding, not encryption. Anyone can decode it instantly. Use it for transport, never for secrecy.

Why is Base64 output bigger than the input?
It represents every 3 bytes as 4 text characters, so output grows by about 33%, plus padding.

What is URL-safe Base64?
A variant that replaces + and / with - and _ and drops = padding so the string is safe to put in URLs and filenames. JWTs use it.

Why does btoa() fail on emoji or non-English text?
btoa only handles Latin1. Convert the string to UTF-8 bytes first, or use a Base64 tool that does it for you.
