Actually, a server doesn't have to store passwords
...only the hash values of the passwords. A password is submitted by the user, runs through the hash algorithm, and is compared to the stored hash value. If the two match, access is granted.
Keep Up with TechRepublic