Passwords and other highly sensitive information should not be stored as plain text in databases but it should be encrypted.If the server gets hacked by anĀ intruderĀ then he will get only the encrypted text.This way is secure because you are not providing password right away but you make him to work on the combinations of passwords that matches with a specific password