What is Base64? Complete Guide

If you've ever seen a string ending with ==, embedded an image in HTML using data:image/png;base64,..., or sent an email attachment, you've already used Base64 — perhaps without realizing it. Base64 is one of the most widespread encoding schemes on the web, yet many developers don't fully understand how it works or when to reach for it.

This complete guide explains what Base64 is, how the encoding algorithm works step by step, when you should (and shouldn't) use it, and how to encode and decode Base64 online using our free tools.

What is Base64?

Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into an ASCII string format. It uses a set of 64 characters: A–Z, a–z, 0–9, +, and /. The = character is used for padding when the input length isn't divisible by 3.

Important: Base64 is not encryption and not compression. It does not hide or protect data. Anyone can decode a Base64 string instantly. Base64 is purely a way to make binary data safe for text-based transport — it ensures the data survives transmission through systems that only handle printable text.

The name "Base64" comes from the fact that each character represents 6 bits of data (2⁶ = 64 unique values). The standard is formally defined in RFC 4648.

How Base64 Encoding Works

The Base64 encoding process follows three clear steps:

1. Split the input into 3-byte groups. Each group contains 24 bits (3 × 8).
2. Divide each group into four 6-bit chunks. Each 6-bit value maps to one of 64 characters.
3. Add padding if needed. If the last group has fewer than 3 bytes, pad with = characters: one = for 1 byte remaining, two = for 2 bytes remaining.

For example, the text "Man" (3 bytes) becomes "TWFu" in Base64. Each character maps 6 bits of the original data into the Base64 alphabet, and the 24 bits perfectly represent the 3 input bytes with no padding needed.

A single character like "a" (1 byte) becomes "YQ==" — two = characters indicate that only 1 byte of input was converted and 2 bytes of padding were added.

This encoding overhead is approximately 33%: 3 input bytes become 4 output characters. For every 3 bytes of input, you get 4 characters of output.

When to Use Base64

Base64 excels in scenarios where binary data must travel through text-only channels:

Email Attachments (MIME)

Email protocols like SMTP were designed for 7-bit ASCII text. Binary attachments (images, PDFs, ZIP files) must be encoded as Base64 before being attached to an email. The MIME standard (Multipurpose Internet Mail Extensions) specifies Base64 as the encoding for binary email attachments. When you send a photo via email, your email client silently Base64-encodes it before transmission.

Data URIs in HTML and CSS

Base64 data URIs let you embed images, fonts, and other binary assets directly inside HTML or CSS, eliminating extra HTTP requests. A typical data URI looks like:

<img src="data:image/png;base64,iVBORw0KGgo...AAAAAElFTkSuQmCC" alt="inline image">

This technique is useful for small icons, CSS background images, and single-file HTML documents where reducing HTTP requests matters more than file size.

HTTP Basic Authentication

The HTTP Basic Authentication standard encodes the username and password as a Base64 string in the Authorization header: Authorization: Basic dXNlcjpwYXNz. Note that this is not secure on its own — it must be combined with HTTPS.

JWT Tokens

JSON Web Tokens (JWTs) use Base64url encoding (a URL-safe variant) for all three parts of the token — header, payload, and signature. Each section is Base64url-encoded and separated by dots. You can learn more about JWT in our beginner's guide.

Storing Binary in Databases

Some databases or storage systems don't support raw binary columns well. Base64 provides a portable, text-safe way to store binary data in VARCHAR or TEXT fields.

How to Encode and Decode Base64 Online

Using our Base64 encoder/decoder is straightforward:

1. Open the Base64 tool in your browser
2. Type or paste your text in the input box
3. Click Encode to convert to Base64, or Decode to convert back
4. Copy the result — all processing happens locally in your browser

For images, use our dedicated Image to Base64 converter which supports drag-and-drop upload and converts any image format (PNG, JPG, GIF, SVG, WebP) into a Base64 data URI ready for embedding in HTML or CSS.

Base64 Variants

Standard Base64 uses + and / as the 63rd and 64th characters. However, these characters have special meaning in URLs and filenames. That's where Base64url comes in — it replaces + with - and / with _, and omits the = padding. This variant is used in JWT tokens and web-safe encoding scenarios.

Base64 vs Hex vs Base32

How does Base64 compare to other encoding schemes?

• Base64: 64 characters, ~33% overhead. Best balance of efficiency and readability.
• Hex (Base16): 16 characters (0–9, A–F), 100% overhead. Simple but bloated. Use our hex converter for hex encoding.
• Base32: 32 characters (A–Z, 2–7), ~60% overhead. Case-insensitive, handy for human-readable codes.

Base64 is the most space-efficient of the common binary-to-text encodings and is the right choice for most real-world use cases.

When NOT to Use Base64

• Don't use Base64 for security. It is trivially reversible — treat it as readable plaintext.
• Avoid Base64 for large image files. Serving a 5 MB image as a Base64 data URI bloats the HTML to ~6.7 MB (the 33% overhead adds up fast). Use direct file URLs instead.
• Don't use Base64 when binary transport is available. Most modern APIs support binary payloads (multipart/form-data, ArrayBuffer, Blob). Use those when possible.
• Avoid Base64 for server-side caching. Binary formats are more compact and faster to parse.

Try Our Base64 Tools

Ready to start encoding and decoding? Here are the tools we offer:

• Base64 Encoder / Decoder — Convert text to and from Base64 instantly
• Image to Base64 Converter — Drag-and-drop image conversion with live preview
• Hex Converter — Convert between hex, decimal, binary, and more

All tools run entirely in your browser using JavaScript. Your data never touches any server — privacy by design.