When passwords were first put to use, a user's password was simply stored in the system; when the user needed to log in, the password they entered was compared to the stored one. If the two matched, the user was permitted access. However, the stored password can sometimes be stolen by attackers, often by abusing this authentication process itself. Therefore, more complex methods have been developed.
In systems that still store passwords, the passwords are often hashed prior to storage. This means that an algorithm is used to generate a unique code based on the password, which can only be reproduced by running the same password through the same algorithm again. The hash cannot be reverse-engineered to reveal the password, so attackers cannot find the actual password in the targeted system. When a user enters their password, their entry is also hashed, and the two hash codes are compared. If they match, the password entered must almost certainly be correct.
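The hash-and-compare login described above, as an added example that is not part of the original page. The page names no algorithm, so PBKDF2-HMAC-SHA256, the per-user random salt, the iteration count and the function names are all assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (the page does not specify any).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record the system stores instead of the password itself."""
    if salt is None:
        # A fresh random salt per user makes equal passwords hash differently.
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify_password(attempt: str, record: dict) -> bool:
    """Hash the login attempt the same way and compare the two hashes."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison: timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    stored = hash_password("correct horse battery staple")
    other_user = hash_password("correct horse battery staple")

    print("stored hash:", stored["hash"].hex())
    print("right password accepted:",
          verify_password("correct horse battery staple", stored))
    print("wrong password accepted:",
          verify_password("Tr0ub4dor&3", stored))
    # Same password, different salt: the stored hashes differ.
    print("same hash for both users:", stored["hash"] == other_user["hash"])
```

Only the salt, the iteration count and the hash are written to storage; the password itself exists only in memory while it is being hashed.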
The other common method of password authentication today is the use of passwords as cryptographic keys. An encryption algorithm will take the user's password and use it to encrypt private data in such a way that only that password (and perhaps a secret recovery key) can decrypt it. In this way, the password is not stored, but rather used as the key to an otherwise unsolvable mathematical puzzle.