Storing passwords as plain text into a database is bad practice. Should the database be hacked and the data stolen, then the usernames and passwords could be used against the individual AND our company or organization could be held legally responsible. The truth is that many people reuse passwords across multiple accounts. When this happens and the password becomes available, then multiple accounts are at risk. Besides implementing security to protect the database server, an easy step is to NOT store passwords as plain, human readable, text. Instead, store them as a hash. Hashing passwords and storing the hash into the database is what this video will cover. Let's begin by installing the bcryptjs package into our Node application using the built-in VS Code terminal. Once installed, require the package in the account controller. With the package now available, scroll down to the registration function and add the following code to it, as shown in the video. First, a variable to hold the hash is declared. Second, a try - catch block is created. In the try, the plain text password, coming from the form submission, is hashed, using a cost factor of 10. The resulting hash is stored into the variable. For more information on the hashing process, consult the bcryptjs documentation. If the hashing process fails, then the catch block catches the error and returns the registration view with an error message. Finally, scroll down and find where the data is sent to the model to be written to the database table. Replace the existing password variable with the hashed password variable. Save the file. Let's now start the development server, then open the application in the browser. Navigate to the registration view, complete the form, and submit. Reviewing the database, the last record inserted should have a hashed password. It is important to troubleshoot and find where things failed if the password for the last record inserted is not a hash. If it did work, it is also equally important to delete any existing records that do NOT have hashed passwords. From this point forward, every record stored in the account table must have a unique email address AND a hashed password. Once everything is working as expected, be sure to shut down the development server.