@FrankMcG@DAkacki You're conflating the generation of a password for a user with the plaintext storage here
They could generate client-side and store hashed, and buy some time to deal with some of the headaches if their plaintext db is compromised - reissuing pwds for all users being just one