NB-1: This is the first post in a series of posts on web application security. NB-2: Fred wrote a great post on password storage. You should read it. I’m assuming we’re talking about web apps, and most web apps have user accounts, and most of those have passwords.