On Friday, 27 November 2015 at 07:46:33 UTC, H. S. Teoh wrote: > 1) The server stores password01 in the user database. I still wouldn't actually store this, hash it anyway and use that as the new "password".