A password class should not contain any strings: it could accept a string (or a number of strings to include userID and /or salt value), and return a boolean match / not match, and it could return a hashed value suitable for database storage - but is should not store a string.
There is some info on password storage here:
Password Storage: How to do it.[
^]