Ouc. I hope you are aware that in case that thing gets abused in any way and you end up in court, incompetence is not a valid way to avoid liability, and gross neglect means any legal defense breaks. NO PASSWORD EVER should be stored in clear text. There are known and documented ways to handle this since - 2 decades? And any authentication system that is not writte in ignorance of best practices uses that. You literally teach people how to be neglegient and HOPE that i.e. none of the people with access to this table sells the information, or that they do not leak. Had a discussion about that yesterday in a planning session and was using a similar approach as an example how to create a full legal liability.