Admin answers:

Well, if you are asking how they are stored on the server then, most of the time the usernames and passwords are stored in a form of database, whether it be a fully featured database such as MySQL or Microsoft Access or it can be something as simple as a flat file (a simple text file).

However nearly all databases that store sensitive information (like usernames and passwords) use some form of encryption or hash. A hash is by far the most common and one of the most secure methods of storing such information.

If the website is using a hash (such as MD5 or SHA) then whenever you type in your password, it runs it through the algorithm and compares the outcome to what is stored inside of the database (since a hash cannot be decrypted). But if they are using an encryption, then they just decrypt the stored password and compare it to what you typed in.

If you are asking how they are stored on your computer, there are also many ways to do this, one of which is through cookies which is “is a text string stored by a user’s web browser”. Also the browser itself may just remember it for you.

Also yes, it is completely illegal to for any unauthorized person to access such information whether or not it is stated so on the website.

Please take in mind that my answer is very limited as an entire book could be written on this subject alone. To gain a better understand I suggest that you learn a web development language such as PHP or ASP.