You should always hash your passwords as well. Bcrypt is preferred, using BCryptPasswordEncoder.