@voddan: it is best to use OAUTH if the user base has existing accounts on big networks like Google, Facebook, LinkedIn, GitHub. There are good libraries out there and it is better than you trying to be secure with people’s passwords (which most people aren’t who write their own and don’t thoroughly understand cryptology)