What Is Base64 Encoding? A Plain-English Guide

Base64 in one sentence

Base64 is a way to represent arbitrary binary data using 64 printable characters that survive any text-only channel.

Why we need it

Many systems were designed assuming the data they carry is text — email bodies, JSON values, URL query strings, HTTP headers. If you tried to stuff raw bytes (like a PNG image) into one of those channels, the bytes would either get corrupted or rejected.

Base64 takes 3 bytes of binary data and represents them as 4 characters from a safe 64-character alphabet (A–Z, a–z, 0–9, + and /). The result is roughly 33% larger than the original, but it’s safe to put anywhere a string can go.

Where you’ll see it

• JWT tokens — three Base64-encoded segments separated by dots.
• Data URIs — embedding small images directly in CSS or HTML.
• HTTP Basic auth — `Authorization: Basic <base64 of user:pass>`.
• Email attachments — MIME parts use Base64 to encode binary attachments.
• API payloads — sending small binary blobs (signatures, certificates) in JSON.

What Base64 is not

It is not encryption. Anyone can decode Base64 — it’s an encoding, not a cipher. Treat Base64 like clear text.

A concrete example

The string `hello` in Base64 is `aGVsbG8=`. The trailing `=` is padding to keep the output length a multiple of 4.

Encoding and decoding in the browser

Use the FastDailyTools Base64 tool to encode or decode strings instantly without leaving your browser. Useful when debugging JWTs or constructing test auth headers.

URL-safe Base64

The standard alphabet uses `+` and `/`, which have special meaning in URLs. URL-safe Base64 swaps them for `-` and `_` so the encoded string can sit inside a URL query parameter without further escaping. JWTs, for example, use the URL-safe variant.

Quick reference

• Encoded data is larger than the source (~33%).
• It is not secret — never use it as a security measure.
• It’s safe to use anywhere a string is — that’s the whole point.