[ ] hash the passwords at register and flag pwd as hashed
[ ] hash the passwords of existing users at their next login and store them
[ ] implement emailing and route for 'forgot my password' : send an email with token valid for a few days, to reroute to a page with a form with 'enter a new password' + email
Need to implement a way to :