Next: Password Cracking Up: User Authentication Previous: Potential Impact of security
Passwords will need to be stored in the authentication system in order to verify their correctness, but it is important to note that they should not be stored in a plaintext format. The accepted method to store passwords is as a secure hash. The user would then send their plaintext password to the authentication server, which will hash the entry with the same algorithm, and compare the result to the hash it has for that user.
Password addition rules can help reduce the likelihood of a dictionary attack, should an attacker manage to obtain hashed passwords. A salt will also help mitigate this risk by introducing entropy into the stored hash.
Note that when using salting, the salt used will need to be stored along with the hashed value in some way, otherwise you will not be able to compare the plaintext against the salted hash. Algorithms such as BCrypt do this for you, by including the hash as part of the outputted hash.