On Tuesday, 30 April 2019 at 08:31:40 UTC, Kagamin wrote: > You better obfuscate the password on client side. No, this particular password does not come from clients. Rather, it's given by server maintainer and used to generate passcodes that are then distributed to clients.