by gtsteve 1156 days ago
That's really good and thanks for responding to the question. I think I could be tempted to try a service like this for a future project.

I'm guessing the password hash format is something like bcrypt2? Is there an API for that? The feature quite nicely mitigates a situation where prices are unreasonably raised, but to mitigate a rug-pull event such as a business failure, malicious action or serious technical failure I'd probably want to automate this.

If that sounds like I'm sort of paranoid, it's probably because I am. I do this with all my company's cloud data.


Trust me when I say that we're paranoid about data too. Our security specialist was the second hire.

It was a huge issue with Auth0 recently when they were bought by Okta. We've spoken to customers who have had their prices increased 2-20x virtually overnight with no forewarning and they've been forced to go through a process with customer support in order to get access to their user base and move off.

I'll get someone from the team with a better understanding of the password hashing to get back to you on this but I believe it's bcrypt2.

As Dave mentioned, we're trying to make it as easy as possible to get your users out. I'll chat to someone from the team about the automation; it's an interesting idea.

That's right, bcrypt2 - we also upgrade imported users' passwords to this more secure hashing algorithm if they were previously using something less secure like md5. This is all done transparently on their first login with no impact to the user flow.

The self-service export is UI driven at the moment, as exporting passwords requires approval from an additional owner/admin for security. We could definitely extend this to be initiated by API though.
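The transparent upgrade-on-first-login described above, as an added illustration that is not the vendor's code: the login path verifies against whatever hash the imported record carries, and only on a successful login, when the plaintext is briefly available, rewrites the record with the stronger scheme. The thread names bcrypt; PBKDF2-HMAC-SHA256 from the Python standard library stands in for it here so the snippet runs without extra packages, and the user store, username and password are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict

# Constructed user store. The legacy record is an unsalted MD5 hex digest,
# which is what an import from a weaker system might look like.
USERS: Dict[str, dict] = {
    "alice": {"algo": "md5", "hash": hashlib.md5(b"correct horse").hexdigest()},
}

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the stand-in scheme


def _strong_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt: PBKDF2-HMAC-SHA256 with a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _verify(record: dict, password: str) -> bool:
    # Dispatch on the algorithm tag stored with the record; constant-time compare.
    if record["algo"] == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, record["hash"])
    if record["algo"] == "pbkdf2":
        candidate = _strong_hash(password, record["salt"])
        return hmac.compare_digest(candidate, record["hash"])
    raise ValueError("unknown hash algorithm: %r" % record["algo"])


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None or not _verify(record, password):
        return False
    # Successful login is the only moment the plaintext is in hand, so it is
    # the one point where a legacy hash can be replaced without user action.
    if record["algo"] != "pbkdf2":
        salt = os.urandom(16)
        USERS[username] = {
            "algo": "pbkdf2",
            "salt": salt,
            "hash": _strong_hash(password, salt),
        }
    return True
```

A failed login leaves the legacy record untouched, so an attacker guessing passwords cannot trigger the rewrite; after the first successful login the MD5 value is gone from the store.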