vpopmail shocker

2004 June 7 at 05:14 » Tagged as: qmail, vpopmail, toaster

Today I was surprised to discover that my default installation of vpopmail stores passwords in plain text. I had been using this setup without much thought for some time, but today I was curious and decided to take a look at the vpasswd file while playing around with a .qmail file. I was expecting the format to be similar to the /etc/passwd file, where passwords are hashed in a one-way function, making them unreadable even to the superuser. However, I found that in the case of vpasswd, the password is stored in plain text in the last column.

I now need to explore better ways of securely storing passwords to protect user privacy.
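As an added example (not part of the original post and not vpopmail's own code), a read-only audit that lists which accounts in a vpasswd file carry a non-empty last column, without ever printing the value, and notes whether the file is readable beyond its owner. The eight-field layout, the `audit_vpasswd` and `write_sample` names, and the sample lines are assumptions constructed for illustration; the post only says the clear-text password sits in the last column.

```python
import os
import stat
import tempfile

# Assumption: passwd-style line of eight colon-separated fields, clear-text last:
#   name:hash:uid:gid:gecos:dir:quota:clear
FIELDS_WITH_CLEAR = 8

# Constructed sample lines (not real accounts or hashes).
SAMPLE = (
    "alice:$1$constructed$hashA:1:0:Alice:/srv/mail/example.test/alice:NOQUOTA:pa:ss\n"
    "bob:$1$constructed$hashB:1:0:Bob:/srv/mail/example.test/bob:NOQUOTA:\n"
    "carol:$1$constructed$hashC:1:0:Carol:/srv/mail/example.test/carol:NOQUOTA\n"
)

def audit_vpasswd(path):
    """Report accounts with a non-empty last column; never returns the value."""
    exposed, total = [], 0
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.rstrip("\r\n")
            if not line:
                continue
            total += 1
            # maxsplit keeps a ':' inside the password within the last field
            parts = line.split(":", FIELDS_WITH_CLEAR - 1)
            if len(parts) == FIELDS_WITH_CLEAR and parts[-1]:
                exposed.append(parts[0])
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "accounts": total,
        "cleartext_accounts": exposed,
        # any read bit for group or other widens who can see the column
        "group_or_other_readable": bool(mode & 0o044),
    }

def write_sample(mode=0o644):
    """Write the constructed sample to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".vpasswd")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    sample = write_sample()
    print(audit_vpasswd(sample))
    os.remove(sample)
```

Lines with only seven fields, or with an empty eighth field, are counted as accounts but not reported as exposed.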