How Base64 turns data into text, where it shows up in real systems, and why it is not encryption.
Base64 converts arbitrary binary data into a string made up of only 64 printable characters (A-Z, a-z, 0-9, + and /), which makes it safe to include inside systems that only reliably handle plain text, like email bodies, JSON fields or URLs. It groups the original data into 3-byte chunks and re-encodes each chunk as 4 text characters.
Base64 shows up constantly once you start looking: email attachments are Base64-encoded so they survive being sent through text-based mail protocols, small images are sometimes embedded directly into CSS or HTML as data: URIs instead of a separate file request, and the header and payload sections of a JWT (JSON Web Token) are Base64url-encoded JSON.
This is the most common misunderstanding - Base64 is an encoding, not a cipher. There is no secret key involved, and anyone can decode it back to the original data in one step. Never use Base64 alone to protect sensitive information; it only changes the representation of the data, not who can read it.
Encoding 3 bytes of original data into 4 text characters means Base64 output is roughly 33% larger than the original data - that overhead is the trade-off for being safely representable as plain text.
Encode text to Base64 and decode it back.
Open Base64 Encoder / Decoder