Add an option so that passwords are not directly stored in DB.
SHA-256 should be enough on passwords.