I agree. The field shouldn’t have been called ‘password’ in the first place, but rather ‘plaintextPassword’ or similar. That makes the code much more readable, if at a glance I know if I’m dealing with the hash or the plaintext version.