Passwords are primarily used as a way of accessing information and also limiting the number of users who can get access to a machine. It is primarily used with a username for the authorization system. Sometimes people use keys instead of passwords due to the increased strength of the keys.
Passwords or Pass Phrases are a string that is used to help lockout people who do not know this string from using a persons account or computer. They have almost always been used since computers were first connected with each other as a way of making sure that each user had the ability to know that their account on the computer or network was not going to be taken over by a peer worker who had something against them. It also makes sure that only the person who knows a person's user-name and password can get into their account and change things that they have access to.
On websites and other web-based services passwords are used to make sure that anyone trying to connect to the site or service is who they say they are. In addition to a user-name which may be a another string or the person's email, it makes the server that the person who is trying to login(gain authorization to the site or service) more likely to trust them and allow them to gain access to it.
Storing a password should never be done in plain text, this means that the passwords are stored exactly as they were typed by the user. You should use a cryptographichash functions that are is available in almost every web programming language, and thus is the best way to store a users password since it uses one-way encryption which means that no one can get the password back without first attempting to guess it repeatedly, also known as "bruteforcing".
cryptographichash alone still discloses that the two passwords are the same (as they would have the same hash value). To avoid this, a known random string (salt) can be hashed together. Salt can be stored openly (next to the hashed value) as it is not a password, just makes the password hash-code different.
It is still better to protect such table as much as possible as (assuming the hashing algorithm is known) the attacker can use it with his own program to probe a big number of potential passwords in a short time. Probing the real system is much more difficult as it usually locks or at least forces delay after multiple failed attempts.
A big proportion of currently use passwords are insecure and can be relatively easily guessed (empty, same as username, date of birth, etc). Another problem is that users often use the same password for different sites or applications.
