Password Security

Databases of usernames and passwords are valuable because users re-use passwords for multiple web services. They shouldn't, but they do. So even if your web project doesn't have anything of value, a large enough list of usernames and passwords will have some that also get an attacker access to users' bank accounts, credit cards, or email addresses. As developers we often won't have control over whether the database (or its backups!) are stored securely, and it only takes one leak for the data to live forever on the internet. There's no way to unring the bell. What we do have control over though, is whether our databases store passwords at all in the first place.