@FrankMcG @DAkacki You're conflating the generation of a password for a user with the plaintext storage here They could generate client-side and store hashed, and buy some time to deal with some of the headaches if their plaintext db is compromised - reissuing pwds for all users being just one