The guidance is that nobody – not even the user themselves – should be able to see passwords, and that they should not be stored in the database in a way that allows them to be retrieved. This is because there are many ways in which this data can get lost – an administrator may print out a report, and leave it on their desk; an attacker might be able to use SQL injection to run database queries; someone may be able to break into your building and steal a backup tape.

Many customers use the same password on multiple sites – so if your sites is the weakest link, you may be exposing them to risks on other sites if they have re-used their passwords.

The recommendation is to use a cryptographic technique called “hashing”, which takes the plaintext password and turns it into a meaningless string; there’s no way to reverse the hash, which means that even if I stole the hashed password, I couldn’t work out what the original, plain text was.

Hashing the same string twice gives the same hash – so when someone logs in, you hash their plaintext password, and compare it to the hash in the database.

The OWASP link provides further information on this topic, including “salting” the hash.