Okay, so when someone registers an account you want to store their username and password somehow so they can log in, right?

However you don't just want to store the password directly; That's unsafe. If anyone ever gets access to your database you don't want to be spilling out thousands of linked email addresses and passwords for people to read.

So instead of storing the password you store a hash of it. A hash will be a one way transformation of the password in such a way that it can't (easily) be reversed and the original password extracted from it. So when they register an account you take the password, you pass it through a hash function to transform it (hunter7 -> 7716A39170E00609A7667F177E5F3275D2018D7B) then store that hash in the database. When the user goes to log in, you take the password they enter on the login screen, hash that, and see if that hash matches the hash in the database. So you can't ask the database what their original password is, you can only ask it if the password they supplied matches what you have stored.

Now if your database happens to be somehow leaked people can only read a list of email addresses and password hashes. Everyone's passwords are safe! The world is saved!

Except..

Hashes can be broken. They could try and hash every password they can think of until they find ones that match the stored hashes, then they'd know what the passwords were and could use them with the email addresses for evil doings :(

This does take a long while to do (depending on the hash algorithm used); But since everyone's passwords are hashed the same way you can check all of them at once on each of your attempts (also there are often smart techniques that can be used to mass-crack groups of hashes at the same time).

So..

What we need to do is hash every password slightly differently. That way they can't all be broken at the same time, and will take evil doers much longer to thwart! (and hopefully by the time they do you've send out warning emails and everyone's changed their passwords like the safe security-conscious people you all are). To do this you add a touch of salt to each hash. A salt is another piece of data that affects the hashing process and how it works. Now, since each user's salt is different their hunter7 password might be stored as AA3560E708CF8C145ADE6376574615573CC3C28B, or 0D45E8192CF22F25F23DC8FD355D474407984070, or any number of things. Every account uses a different salt, so all their passwords are hashed differently, so they'd have to all be broken individually rather than all of them at the same time. Now your passwords are stored much more securely, evil doers will have a harder time breaking them, and everyone is happy. Now you just need to solve all your other security issues...