What do you do with your user's password? Do you store it into the database? You don't! You should never store the raw password into your application. Some badly coded websites store the raw password into their database. They store the actual password and even send you via email: This means your password is at risk.