User accounts should be secured with a securerandom salt + password and hashed with bcrypt or scrypt hashing library, salt should be stored with user account for authenticating.
Jbcrypt will generate a salt and the hashed password should be stored in the database.