by skalpelis 5553 days ago
Generate another password upon request, store both hashes with the user account and make the user account accessible with both passwords. Not that I condone such snooping, but that isn't that hard of a workaround to implement.
1 comments

That doesn't get around the fact that the police would likely want a password in useable form, that is, something they can log in with. If you're storing something in that form, it's functionally plaintext and subject to all of the issues associated therewith. Hashing it then building in a workaround is like putting a deadbolt on your door but leaving your window open. A compromised database would have the same effect with your solution that it would with passwords stored in plaintext.