I've begun working with somewhat sensitive information being stored in a database and I've figured out that I can generate a hash for table association on data the user provides (such as their password).
The problem I'm not entirely certain how to deal with is dealing with users who have lost their password. One solution I read was to create a user/hash association elsewhere besides the database. I can think of a couple places, such as having it stored in a flat file, though that would still be on the server. I could also have an email account created and have the password and user id automatically sent to that email address, which could be on a different server.
Thoughts please?
- John