[3np]

> hash the username column

Is this giving you any real security benefit? (I'd assume the usernames are indexed elsewhere and that it's a reasonable assumption that whoever gains access to this hashed data has access to the username list as well, making a lookup trivial - or are these not safe assumptions?)

[couchand]

Not GP, but one architecture where there would be a difference is there's a distinct identity provider, responsible solely for exchanging the user's long-lived username/password credentials for a short-lived ticket.

[bigDinosaur]

I imagine the process going a bit like https://youtu.be/y8OnoxKotPQ

[christophilus]

I knew what that was before I clicked it. Never disappoints.

[donatj]

It's a PII covering our butts thing more than anything. Wanting to absolutely minimize what we know about our users.