You need to ofc 'salt' end users passwords just before hashing them to avoid with the ability to Get better the original password from the hash. $endgroup$$begingroup$ As hashes are preset duration, does that suggest that even though not specified when creating the password, all login units would wish to have some sort of greatest enter duration (W