At one point or another, odds are strong that users will need to create an account on our site, and we will likely be asking of them to create a password.

The question then becomes: How should we store the password?

While this is something we typically "let frameworks worry about", it is important to understand what the stakes are, current and emerging threats, as well as current best practices of this field.