As Solution 1 suggest,you can proceed that way also.But i still don't understand why you want to avoid database?
Password storage is much more crucial thing. And i strongly recommend you not to store password. Instead,you should generate it's hash using some good one way hash function like
SHA256[
^].
I recommend you to refer this also :
Password Storage: How to do it.[
^]
Regards..