Site security with SSL certificate
Passwords on the site should always be stored in a protected form, preferably as the output of a hashing algorithm (for example, SHA). With hashing, authenticating a user only compares hashed values: the password the user submits is hashed and checked against the stored hash. If the site is hacked and the hashed passwords are stolen, this minimizes the damage, since a hash cannot be decrypted back into the original password. The only thing an attacker can do with the hashes is carry out a dictionary attack or guess each combination with a script, which is computationally long and impractical.
It is also extremely important to use strong passwords yourself and to teach site visitors to do the same in order to protect their accounts. Introducing password requirements such as a minimum number of characters and the presence of capital letters and numbers will help protect user data in the long term.
In a recent study, Russian security experts checked 3.7 billion usernames and keys that could be found in the public domain over the past 3 months and noted that the share of strong passwords (letters + numbers + symbols) in the network is only 3%.