Since
Win32 lacks an encryption function, passwords are stored in plain
text. This is not very secure, but one hopes it will change for the
better. The passwords would be stored in the file named by the
AuthUserFile directive, and
Bill’s entry would be:
bill:theft
except that in real life you would use a better password.