This chapter focuses on password authentication for both persons and non-persons. The password is entered by the person from human memory but is provided by a non-person from a stored password. The verifier might be aware of the entity origins (person versus non-person) but more likely is ignorant of the password source and uses the same password verification process. Person entities need to remember passwords securely, not write them down, not share them, and possibly use a password manager tool. Non-person entities need to store passwords securely as they cannot remember them. Stored passwords allow a non-person entity to authenticate itself to a relying party, such as a mobile device connecting to an online web service, a web server connecting to an application server, or an application server connecting to a database server. Password hashing is a cryptographic mechanism used to protect passwords for verification, not password entry, without using cryptographic keys.