There are two camps in this security discussion:
1. Don't store the passwords in your DB. This usually means leveraging OAuth or equivalent. You will need to store a 'token' that uniquely identifies the user. This 'token' is provided by the authentication service that you select. The service also provides the authentication.
2. Store a hash (not reversible) transformation of the password in the DB. Then the authentication process is to compare the hashed version of the provided pword with the one in the DB.
There are complexities that should be considered depending upon your security considerations. I think the minimum should be a salted password implementation. This is typically something like:
$hash = sha1(saltThePword($pword));
where
function saltThePword($pword)
{
    // combine the password with a salt.
    // typically:
    //   $pword.$salt
    // $salt can be static
    // $salt can be unique to user (reproducible by a formula)
    $salt = 'static-salt-placeholder'; // placeholder value, static-salt case
    return $pword . $salt;
}
Hope this helps.
Bob
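
The following is an added example, not part of the original post: it runs the salted-hash registration and login flow described above with a static salt and with a per-user salt, then goes beyond the post to show PHP's built-in password_hash() and password_verify(), which generate a per-user salt and use a slow hash. The function names, user names, passwords, the in-memory $db array and the choice of a random salt stored next to the hash are assumptions made for the illustration.

```php
<?php
// Added example; all users, passwords and salts below are constructed.

// The scheme from the post: sha1 over the password combined with a salt.
function saltedSha1(string $pword, string $salt): string
{
    return sha1($pword . $salt);
}

// Registration: store the salt and the hash, never the password itself.
function register(array &$db, string $user, string $pword, ?string $staticSalt = null): void
{
    // Use the static salt if one is given, otherwise a random per-user salt.
    $salt = $staticSalt ?? bin2hex(random_bytes(16));
    $db[$user] = ['salt' => $salt, 'hash' => saltedSha1($pword, $salt)];
}

// Authentication: hash the provided password and compare with the stored hash.
function authenticate(array $db, string $user, string $pword): bool
{
    if (!isset($db[$user])) {
        return false;
    }
    $row = $db[$user];
    // hash_equals() compares the two strings in constant time.
    return hash_equals($row['hash'], saltedSha1($pword, $row['salt']));
}

// Static salt: two users with the same password get the same stored hash,
// so one cracked hash reveals every account that shares the password.
$static = [];
register($static, 'alice', 'hunter2', 'site-wide-salt');
register($static, 'carol', 'hunter2', 'site-wide-salt');
echo "static salt, hashes equal:   ";
var_dump($static['alice']['hash'] === $static['carol']['hash']);

// Per-user salt: the same password yields different stored hashes.
$perUser = [];
register($perUser, 'alice', 'hunter2');
register($perUser, 'carol', 'hunter2');
echo "per-user salt, hashes equal: ";
var_dump($perUser['alice']['hash'] === $perUser['carol']['hash']);
echo "correct password accepted:   ";
var_dump(authenticate($perUser, 'alice', 'hunter2'));
echo "wrong password accepted:     ";
var_dump(authenticate($perUser, 'alice', 'letmein'));

// Built-in alternative: the salt and cost are embedded in the stored string.
$stored = password_hash('hunter2', PASSWORD_DEFAULT);
echo "password_verify, correct:    ";
var_dump(password_verify('hunter2', $stored));
```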