by pencilcode 4367 days ago
That's right. But it does reduce the cost of a compromised server. Since no passwords are stored in the server itself, if it's compromised, the user's passwords won't be exposed (even if they're encrypted, they're often weakly encrypted, especially as time goes by).

Passwords should usually not be encrypted. Saying a password is encrypted implies that there is a decryption function that can produce the original password in plaintext. This should not be the case. Instead, typically, a key derivation function like bcrypt, scrypt, etc. is applied. The output of these are sometimes referred to as "password hashes" because like hashes they are not reversible.
Yes, my mistake. I meant hashed.