I am currently designing a system that involves customer logins. One possible login step is entering 3 random chars from the password.
I know typically. passwords are stored as a hash. However, it is impossible to use 3 random chars with this method. Can anyone tell me how the passwords should be stored without storing them as plain text?