To make brute force attacks harder, while encoding we also can supply a random string. This random string is called salt. Salt text is included in PasswordEncoder as shown in the following code snippet:

auth
    .inMemoryAuthentication()
    .passwordEncoder(new StandardPasswordEncoder(“random-text-salt”));