19 December 2016
tags:
Security
third party authentication
third party signin
TL;DR
Go with OAuth if you can.
Alternatively, go with salted and hashed passwords.
Use an adequate hashing algorithm (at the time of writing, SHA2).
Two-factor authentication/mobile authentication is also becoming increasingly popular. Web services that allow sign-in via QR code (such as WeChat and LINE) and login apps such as Clef are slowly making passwords a thing of the past.
Scotch.io recently published an article relevant to the topic of backend password storage. Yes, it is sponsored content by Auth0, but it is nonetheless very informative.