diff --git a/mvp/b2c/src/lib/auth/password.ts b/mvp/b2c/src/lib/auth/password.ts
new file mode 100644
index 0000000..1ea6a7a
--- /dev/null
+++ b/mvp/b2c/src/lib/auth/password.ts
@@ -0,0 +1,11 @@
+import bcrypt from 'bcryptjs';
+
+const SALT_ROUNDS = 10;
+
+export function hashPassword(plain: string): Promise<string> {
+  return bcrypt.hash(plain, SALT_ROUNDS);
+}
+
+export function verifyPassword(plain: string, hash: string): Promise<boolean> {
+  return bcrypt.compare(plain, hash);
+}
diff --git a/mvp/b2c/tests/auth/password.test.ts b/mvp/b2c/tests/auth/password.test.ts
new file mode 100644
index 0000000..1a3f52c
--- /dev/null
+++ b/mvp/b2c/tests/auth/password.test.ts
@@ -0,0 +1,15 @@
+import { describe, it, expect } from 'vitest';
+import { hashPassword, verifyPassword } from '@/lib/auth/password';
+
+describe('password', () => {
+  it('verifica una contraseña correcta contra su hash', async () => {
+    const hash = await hashPassword('Reforma2026!');
+    expect(hash).not.toBe('Reforma2026!');
+    expect(await verifyPassword('Reforma2026!', hash)).toBe(true);
+  });
+
+  it('rechaza una contraseña incorrecta', async () => {
+    const hash = await hashPassword('Reforma2026!');
+    expect(await verifyPassword('otra', hash)).toBe(false);
+  });
+});