We created a secure application using BCrypt to generate hashes for a second pass.
Feel free to re-visit Server Side Authentiation.