This will seem like a very basic question, but I wanted to make sure I don't miss something.
When you enter your password in a login page and you press enter, what exactly happens right after until you're "approved"? I mean in common/regular websites.
I know some websites like Password managers, secure email providers etc. will generate the hash directly from your computer and send the hash to the server, never send your password.
However, for common/regular website my understanding is that the password in clear will be sent to the server. Whether the connection is encrypted in TLS(/HTTPS) or not is not an issue here, my concerns are about the server only.
When the password in clear arrives at the server, the server will compute its hash and compare it to its hash database. At this point it doesn't matter what hash algorithm is being used (bcrypt, sha-256, with salt or no salt, this is not the debate here).
1) Can you confirm this is the regular process in 2020?
2) What "mechanism" can make sure for us on the client side that the server will erase the password in clear from all types of memory right after it's computed its hash? Is this mechanism called "trust" or is there something to answer that concern?