Why passwords? Why hashing? Passwords remain a convenient and ubiquitous authentication factor "Something you know" in 2FA Proper password hashing mitigates the impact of user database leaks Saves a percentage of accounts from compromise until passwords are forcibly changed (as they should be after a known database leak) Mitigates the impact on the users' accounts on other sites, where the same or similar passwords may have been reused (whether we like it or not) Password hashing is not a perfect security measure, yet it is a must To make it effective, password policy enforcement is also highly desirable A closely related concept is password- or passphrase-based cryptographic key derivation (for data encryption), which also remains relevant