This article is a keeper: Salted Password Hashing.
Side note: My own mobile web app is secure in so far as the hashed password only validates the anonymous and disposable handle or user ID, nothing else. This allows a member to delete their handle and recreate it with a different password as needed. Moreover, the arbitrary handle is not linked to any e-mail or other vitally important personal data.