Password Storage: You're doing it wrong if:
If any of these sound familiar, you might be doing password storage wrong. If so, there's good news: there are MUCH better ways to store passwords, ways that are completely immune to the commonly available tools because they are so computationally expensive that attacks on them are not feasible. Some things that indicate you're doing it wrong:
Password Storage: Good examples
There are good ways to store passwords, and bad ways. Here are some good password storage methods.
But my database is secure!
Really? You'd bet your users' security on that? The sad fact is that for most websites, SQL injection attacks are very common, and they may not leave any trace that the entire password database has been dumped to malicious individuals. A SQL injection attack that reveals your user data is bad; don't make it worse by letting the attackers easily get the passwords too.