When a user attempts to log in, they are prompted to enter their username and password. The system then compares the entered password with the stored password. If they match, the user is granted access. This process often involves hashing, where the password is converted into a fixed-size string of characters, making it difficult for attackers to reverse-engineer the original password.