To make brute force attacks harder, while encoding we also can supply a random string. This random string is called salt. Salt text is included in PasswordEncoder as shown in the following code snippet:
auth
.inMemoryAuthentication()
.passwordEncoder(new StandardPasswordEncoder(“random-text-salt”));