I can provide that, see Re^2: Priorities perhaps? (Password reset)

(Alas these impromptu private pmdev talks are not really suitable to discuss this, b/c there are no notifications or RAT views.)

Alas these impromptu private pmdev talks are not really suitable to discuss

Do you have any suggestions to improve the discussions?

I'd be happy to set up a WhatsApp group or a private Facebook group for cabal members who wanted to be part of it...

I think the implied suggestion is to use the Perlmonks Discussion section (or Scriptorium) because then there's better visibility via notifications and RAT views.

My usual way of approaching this is to encrypt the password with the sha512_base64 method from Digest::SHA. I then generate a random 40 character string to salt the password. The random string gets changed when the user changes their password. I split the 64-character encoded password into two parts and insert a hash of the salt. I split the encoded password a different place for each site I write.

I reckon that's pretty unbreakable without access to the codebase.

But, the difficulty isn't encoding the passwords or storing passwords and possibly salts.

As you rightly point out, the biggest difficulty is that we can't just send out encoded passwords. Once encoded, users need a means to select a new password, and that means a whole new workflow needs to be created. It's simple enough to do but there is quite a bit of work. Another issue is that it would be difficult to properly test without a test server but certainly not impossible.