There are a few discussions on password management when building Web applications. The first post, from Coding Horror, entitled “You’re Probably Storing Your Passwords Incorrectly”, urges developers NOT to store passwords in plain text, which is the correct advice. The comments section contains a good discussion of the topic, with many links to outside sources.
One of these sources is a blog post on the same issue, though it is more a discussion of openness about the methods used:
http://blog.tribalpizza.com/2007/09/how-do-we-secur.html
That’s it for now. Well worth reading. I haven’t posted in quite some time due to what I believe is RSI, but that’s another story.