Any custom method you invent is more likely to have subtle bugs which make your storage method vulnerable. It’s not worth the effort, since you’re not likely to find these subtle bugs until it’s too late. It’s much better to use something that has been tried and tested.

Generally, these are your choices when storing a password,

• Use bcrypt.
• Use a salted, strengthened hash.

The first method is easy, just use bcrypt. It’s support in pretty much any language, and has been widely used and tested to ensure it’s security.

The second method requires you to use a general purpose hash function (SHA-2 family or better, not MD5 or SHA-1 as they’re broken/weak) or better yet, a HMAC, create a unique salt for the user and a unique application wide salt, and then iterate the hash function many times (100,000, etc) to slow it down (called key stretching/strengthening).

e.g. (pseudocode)

sofar = hash("sha512", user_salt + site_salt + input_password);
iterations = 100000; // Should be changed based on hardware speed
while (iterations > 0)
{
    sofar = hash("sha512", user_salt + site_salt + sofar);
    iterations--;
}
user.save("password", "$sha512$" + user_salt + "$" + iterations + "$" + sofar);

Each iteration should rely on the previous iteration so someone can’t parallelize a brute force method to break it. Likewise, the number of iterations should be changed based on the speed of your hardware so that the process is slow enough. Slower is better when it comes to password hashing.

Summary
Use bcrypt.