Passwords are stored in the /etc/shadow file, which is restricted to the root user. 
A standard user cannot write to it directly. However, the passwd executable is owned by root and has the SUID permission set. 
When a standard user runs passwd, the SUID bit tells the system to execute the program with the privileges of root, 
giving the program the temporary permissions to update /etc/shadow