There are multiple ways to store sensitive passwords, and choosing the wrong method can be a security nightmare. When deciding how to store sensitive passwords, consider using an authentication and authorization service that provides open standards like OpenID Connect and supports MFA for improved user security. If you need to store passwords in your Java application yourself, use a strong password hashing algorithm that consumes computational resources and is slow to run, making brute force attacks less effective. The recommended password hashing algorithms include Argon2id, scrypt, and BCrypt, each with its own strengths and weaknesses. When implementing password hashing, follow best practices such as never implementing the algorithm yourself, keeping up-to-date with security news and trends, using secure libraries and techniques, and learning from capture the flag challenges to improve your skills.