diff --git a/SQL/0000-00-03-ConfigTables.sql b/SQL/0000-00-03-ConfigTables.sql
index e7b4d637a0d..218aa23d2da 100644
--- a/SQL/0000-00-03-ConfigTables.sql
+++ b/SQL/0000-00-03-ConfigTables.sql
@@ -8,7 +8,7 @@ CREATE TABLE `ConfigSettings` (
     `Description` varchar(255) DEFAULT NULL,
     `Visible` tinyint(1) DEFAULT '0',
     `AllowMultiple` tinyint(1) DEFAULT '0',
-    `DataType` ENUM('text','boolean','email','instrument','textarea','scan_type','date_format','lookup_center','path','web_path', 'log_level') DEFAULT NULL,
+    `DataType` ENUM('text','boolean','email','instrument','textarea','scan_type','date_format','lookup_center','path','web_path','log_level','password_algo') DEFAULT NULL,
     `Parent` int(11) DEFAULT NULL,
     `Label` varchar(255) DEFAULT NULL,
     `OrderNumber` int(11) DEFAULT NULL,
@@ -59,10 +59,11 @@ INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType,
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'citation_policy', 'Citation Policy for Acknowledgements module', 1, 0, 'textarea', ID, 'Citation Policy', 25 FROM ConfigSettings WHERE Name="study";
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'CSPAdditionalHeaders', 'Extensions to the Content-security policy allow only for self-hosted content', 1, 0, 'text', ID, 'Content-Security Extensions', 26 FROM ConfigSettings WHERE Name="study";
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'usePwnedPasswordsAPI', 'Whether to query the Have I Been Pwned password API on password changes to prevent the usage of common and breached passwords', 1, 0, 'boolean', ID, 'Enable "Pwned Password" check', 27 FROM ConfigSettings WHERE Name="study";
-INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dateDisplayFormat', 'The date format to use throughout LORIS for displaying date information - formats for date inputs are browser- and locale-dependent.', 1, 0, 'text', ID, 'Date display format', 28 FROM ConfigSettings WHERE Name="study";
-INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'adminContactEmail', 'An email address that users can write to in order to report issues or ask question', 1, 0, 'text', ID, 'Administrator Email', 29 FROM ConfigSettings WHERE Name="study";
-INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'UserMaximumDaysInactive', 'The maximum number of days since last login before making a user inactive', 1, 0, 'text', ID, 'Maximum Days Before Making User Inactive', 30 FROM ConfigSettings WHERE Name="study";
-INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'useDoB', 'Use DoB (Date of Birth)', 1, 0, 'boolean', ID, 'Use DoB', 31 FROM ConfigSettings WHERE Name="study";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'passwordAlgorithm','Which PHP password algorithm to use for hashing the passwords',1,0,'password_algo', ID,'Password Algorithm', 28 FROM ConfigSettings WHERE Name="study";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'dateDisplayFormat', 'The date format to use throughout LORIS for displaying date information - formats for date inputs are browser- and locale-dependent.', 1, 0, 'text', ID, 'Date display format', 29 FROM ConfigSettings WHERE Name="study";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'adminContactEmail', 'An email address that users can write to in order to report issues or ask question', 1, 0, 'text', ID, 'Administrator Email', 30 FROM ConfigSettings WHERE Name="study";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'UserMaximumDaysInactive', 'The maximum number of days since last login before making a user inactive', 1, 0, 'text', ID, 'Maximum Days Before Making User Inactive', 31 FROM ConfigSettings WHERE Name="study";
+INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'useDoB', 'Use DoB (Date of Birth)', 1, 0, 'boolean', ID, 'Use DoB', 32 FROM ConfigSettings WHERE Name="study";
 
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, Label, OrderNumber) VALUES ('paths', 'Specify directories where LORIS-related files are stored or created. Take care when editing these fields as changing them incorrectly can cause certain modules to lose functionality.', 1, 0, 'Paths', 2);
 INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'imagePath', 'Path to images for display in Imaging Browser (e.g. /data/$project/data/) ', 1, 0, 'text', ID, 'Images', 9 FROM ConfigSettings WHERE Name="paths";
@@ -282,6 +283,7 @@ INSERT INTO Config (ConfigID, Value) SELECT ID, 't1'    FROM ConfigSettings WHER
 INSERT INTO Config (ConfigID, Value) SELECT ID, 't2'    FROM ConfigSettings WHERE Name="modalities_to_deface";
 INSERT INTO Config (ConfigID, Value) SELECT ID, 'pd'    FROM ConfigSettings WHERE Name="modalities_to_deface";
 INSERT INTO Config (ConfigID, Value) SELECT ID, 'false'  FROM ConfigSettings WHERE Name="usePwnedPasswordsAPI";
+INSERT INTO Config (ConfigID, Value) SELECT ID, '2y'  FROM ConfigSettings WHERE Name="passwordAlgorithm";
 INSERT INTO Config (ConfigID, Value) SELECT ID, 'Y-m-d H:i:s'  FROM ConfigSettings WHERE Name="dateDisplayFormat";
 INSERT INTO Config (ConfigID, Value) SELECT ID, '/data/issue_tracker/' FROM ConfigSettings WHERE Name="IssueTrackerDataPath";
 INSERT INTO Config (ConfigID, Value) SELECT ID, ''  FROM ConfigSettings WHERE Name="adminContactEmail";
diff --git a/SQL/New_patches/2024-11-14-Add-Password-Algo-Config.sql b/SQL/New_patches/2024-11-14-Add-Password-Algo-Config.sql
new file mode 100644
index 00000000000..0f2107e4292
--- /dev/null
+++ b/SQL/New_patches/2024-11-14-Add-Password-Algo-Config.sql
@@ -0,0 +1,7 @@
+ALTER TABLE ConfigSettings
+MODIFY COLUMN DataType enum('text','boolean','email','instrument','textarea','scan_type','date_format','lookup_center','path','web_path','log_level', 'password_algo') DEFAULT NULL;
+
+INSERT INTO `ConfigSettings` (`Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`)
+VALUES ('passwordAlgorithm','Which PHP password algorithm to use for hashing the passwords',1,0,'password_algo',1,'Password Algorithm',28);
+
+INSERT INTO Config (`ConfigID`, `Value`) VALUES (LAST_INSERT_ID(), '2y');
\ No newline at end of file
diff --git a/htdocs/postdeploy.php b/htdocs/postdeploy.php
index 86fd80d7072..0b9b105c8a9 100644
--- a/htdocs/postdeploy.php
+++ b/htdocs/postdeploy.php
@@ -47,7 +47,9 @@
 $sqls         = file_get_contents($path_to_file);
 $conn->exec($sqls);
 
-$pw = password_hash($password, PASSWORD_DEFAULT);
+$config        =& \NDB_Config::singleton();
+$password_algo = $config->getSetting("passwordAlgorithm");
+$pw            = password_hash($password, $password_algo);
 
 $conn->query(
     "UPDATE users SET Password_hash=" . $conn->quote($pw) .
diff --git a/modules/configuration/php/configuration.class.inc b/modules/configuration/php/configuration.class.inc
index 06c2266f1b4..366958f2823 100644
--- a/modules/configuration/php/configuration.class.inc
+++ b/modules/configuration/php/configuration.class.inc
@@ -88,6 +88,16 @@ class Configuration extends \NDB_Form
             'emergency' => 'Emergency',
         ];
 
+        $this->tpl_data['password_algos'] = array_combine(
+            password_algos(),
+            array_map(
+                function ($algo) {
+                    return $algo === '2y' ? 'bcrypt' : $algo;
+                },
+                password_algos()
+            )
+        );
+
         $this->tpl_data['date_format']   = $date_format;
         $this->tpl_data['lookup_center'] = [
             ''            => '',
diff --git a/modules/configuration/templates/form_configuration.tpl b/modules/configuration/templates/form_configuration.tpl
index 2ed16e8a299..ebf217d4e0f 100644
--- a/modules/configuration/templates/form_configuration.tpl
+++ b/modules/configuration/templates/form_configuration.tpl
@@ -22,7 +22,13 @@
     </div>
 {/function}
 
-
+{function name=createPasswordAlgo}
+    <select class="form-control" name="{$k}" {if $d eq "Yes"}disabled{/if}>
+        {foreach from=$password_algos key=name item=label}
+            <option {if $v eq $name}selected{/if} value="{$name}">{$label}</option>
+        {/foreach}
+    </select>
+{/function}
 
 {function name=createScanType}
     <select class="form-control" name="{$k}" {if $d eq "Yes"}disabled{/if}>
@@ -108,6 +114,8 @@
             {call createInstrument k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'scan_type'}
             {call createScanType k=$id v=$v d=$node['Disabled']}
+        {elseif $node['DataType'] eq 'password_algo'}
+            {call createPasswordAlgo k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'date_format'}
             {call createDateFormat k=$id v=$v d=$node['Disabled']}
         {elseif $node['DataType'] eq 'email'}
diff --git a/php/installer/Installer.class.inc b/php/installer/Installer.class.inc
index 1b0d9b338bb..11f677018b8 100644
--- a/php/installer/Installer.class.inc
+++ b/php/installer/Installer.class.inc
@@ -535,7 +535,7 @@ class Installer
             return false;
         }
 
-        $stmt = $DB->prepare(
+        $stmt          = $DB->prepare(
             "UPDATE users
              SET
                UserID=:q_userID,
@@ -543,12 +543,14 @@ class Installer
                Active='Y'
              WHERE ID=1"
         );
+        $config        =& \NDB_Config::singleton();
+        $password_algo = $config->getSetting("passwordAlgorithm");
         return $stmt->execute(
             [
                 'q_userID'   => $values['frontenduser'],
                 'q_password' => password_hash(
                     $values['frontendpassword'],
-                    PASSWORD_DEFAULT
+                    $password_algo
                 ),
             ]
         );
diff --git a/php/libraries/Password.class.inc b/php/libraries/Password.class.inc
index 31f4997234a..397e1d94420 100644
--- a/php/libraries/Password.class.inc
+++ b/php/libraries/Password.class.inc
@@ -195,17 +195,27 @@ class Password
      * Creates a new Password object when the $value param is well-formed.
      * well-formed.
      *
-     * @param string $value The proposed password value.
+     * @param string      $value  The proposed password value.
+     * @param ?NDB_Config $config The config
      *
      * @throws InvalidArgumentException When passsword is too short or too simple.
      */
-    public final function __construct(string $value)
+    public final function __construct(string $value, ?NDB_Config $config = null)
     {
         // Ensure proposed value is well-formed.
         $this->_validate($value);
-        // Don't store the value in the object; instead use the hashed version
-        // This mitigates the risk of accidentally revealing the plaintext.
-        $this->_hash = password_hash($value, PASSWORD_DEFAULT);
+        $config        = $config ?? \NDB_Config::singleton();
+        $password_algo = $config->getSetting("passwordAlgorithm");
+
+        if (empty($password_algo)) {
+            throw new ConfigurationException(
+                "Password algorithm is not configured in the settings.
+        "
+            );
+        }
+
+        // Hash the password using the configured algorithm
+        $this->_hash = password_hash($value, $password_algo);
     }
 
     /**
diff --git a/php/libraries/SinglePointLogin.class.inc b/php/libraries/SinglePointLogin.class.inc
index c6ee9e94e37..be36dddb3d3 100644
--- a/php/libraries/SinglePointLogin.class.inc
+++ b/php/libraries/SinglePointLogin.class.inc
@@ -287,8 +287,10 @@ class SinglePointLogin
         // Validate passsword
         $oldhash = $row['Password_hash'] ?? '';
         if (password_verify($password, $oldhash)) {
+            $config        =& \NDB_Config::singleton();
+            $password_algo = $config->getSetting("passwordAlgorithm");
             // Rehash according to latest standards if necessary.
-            if (password_needs_rehash($oldhash, PASSWORD_DEFAULT)) {
+            if (password_needs_rehash($oldhash, $password_algo)) {
                 try {
                     $newHash = new \Password($password);
                     \User::factory($username)->updatePassword(
@@ -302,7 +304,7 @@ class SinglePointLogin
                     // update the password here without using the Password class
                     $newHash = password_hash(
                         $password,
-                        PASSWORD_DEFAULT
+                        $password_algo
                     );
                     \NDB_Factory::singleton()->database()->update(
                         'users',
diff --git a/raisinbread/RB_files/RB_Config.sql b/raisinbread/RB_files/RB_Config.sql
index 7a91dd3186f..b8858a28169 100644
--- a/raisinbread/RB_files/RB_Config.sql
+++ b/raisinbread/RB_files/RB_Config.sql
@@ -107,6 +107,7 @@ INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (126,129,'365');
 INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (127,130,'/var/www/loris/');
 INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (128,131,'/data/EEGUploadIncomingPath/');
 INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (129,132,'false');
+INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (130,133,'2y');
 
 UNLOCK TABLES;
 SET FOREIGN_KEY_CHECKS=1;
diff --git a/raisinbread/RB_files/RB_ConfigSettings.sql b/raisinbread/RB_files/RB_ConfigSettings.sql
index 6e5137f91f3..12081d10715 100644
--- a/raisinbread/RB_files/RB_ConfigSettings.sql
+++ b/raisinbread/RB_files/RB_ConfigSettings.sql
@@ -121,5 +121,6 @@ INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMult
 INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (130,'DownloadPath','Where files are downloaded',1,0,'text',26,'Downloads',4);
 INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (131,'EEGUploadIncomingPath', 'Path to the upload directory for incoming EEG studies', 1, 0, 'text', 26, 'EEG Incoming Directory', 15);
 INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (132,'useDoB','Use DoB (Date of Birth)',1,0,'boolean',1,'Use DoB',12);
+INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (133, 'passwordAlgorithm','Which PHP password algorithm to use for hashing the passwords',1,0,'password_algo',1,'Password Algorithm',28);
 UNLOCK TABLES;
 SET FOREIGN_KEY_CHECKS=1;
diff --git a/test/unittests/PasswordTest.php b/test/unittests/PasswordTest.php
index 96aeae2bfc2..2992d657018 100644
--- a/test/unittests/PasswordTest.php
+++ b/test/unittests/PasswordTest.php
@@ -49,7 +49,10 @@ class PasswordTest extends TestCase
      */
     private $_factory;
 
-    private $_configInfo = [0 => ['65' => 'false']];
+    private $_configInfo = [
+        ['65' => 'false'],
+        ['133','2y',],
+    ];
 
     /**
      * Setup
@@ -141,7 +144,14 @@ public function testContructorInvalidValues($invalidValue): void
      */
     public function testWellFormedPassword(): void
     {
-        $this->assertInstanceOf('Password', new \Password(self::VALID_PASSWORD));
+        $this->_configMock->method('getSetting')
+            ->with('passwordAlgorithm')
+            ->willReturn(PASSWORD_BCRYPT);
+
+        $this->assertInstanceOf(
+            'Password',
+            new \Password(self::VALID_PASSWORD, $this->_configMock)
+        );
     }
 
     /**
@@ -152,9 +162,18 @@ public function testWellFormedPassword(): void
      */
     public function testToString(): void
     {
-        $password = new \Password(self::VALID_PASSWORD);
+        // Configure the mock to return a valid password algorithm
+        $this->_configMock->method('getSetting')
+            ->with('passwordAlgorithm')
+            ->willReturn(PASSWORD_BCRYPT);
+
+        // Instantiate the Password object with the valid password and config
+        $password = new \Password(self::VALID_PASSWORD, $this->_configMock);
+
+        // Assert that the password can be verified with the hashed value
         $this->assertTrue(
-            password_verify(self::VALID_PASSWORD, (string) $password)
+            password_verify(self::VALID_PASSWORD, (string) $password),
+            "Password string should correctly verify against the original value."
         );
     }
 }
diff --git a/tools/resetpassword.php b/tools/resetpassword.php
index 2a79f6a3999..53bbc5cbebd 100755
--- a/tools/resetpassword.php
+++ b/tools/resetpassword.php
@@ -42,8 +42,10 @@
 
 // Don't echo the password being typed
 `/bin/stty -echo`;
-$newPass = trim(fgets(STDIN));
-$newHash = password_hash($newPass, PASSWORD_DEFAULT);
+$newPass       = trim(fgets(STDIN));
+$config        =& \NDB_Config::singleton();
+$password_algo = $config->getSetting("passwordAlgorithm");
+$newHash       = password_hash($newPass, $password_algo);
 `/bin/stty echo`;
 
 ;