I am currently storing all user passwords in my DB using the password() provided by MySQL. The database is only used for one application and there are no others using MySQL on the server. I just wanted to double check that it is (or should be) best practice to go about storing passwords this way. My reason for the question is that password() is one-way and makes it more difficult to have a lost password retrieval without re-creating a new password for the individual. Not necessary, just a question from a semi-newbie concerned with security and the "most acceptable" way of doing things.