Yes. Second solution is much better if you can do it: faster, more efficient, more accurate, but it depends on using an authentication mechanism which gives the server access to the plain password during authentication, so it will not work in all situations.