That's right, in a way. The users are there, but we don't store the passwords directly, only some information derived from the password to allow the user to prove that they have the same one as when they registered. The server never actually learns the password.

ok great thank you 🙂