Get rid of the user passwords and quickly build an
application supporting Webauthn without any effort.
No password? No troubles.
With Webauthn, you donโt have to care of all of the security problems induced by passwords as you donโt manage them.
No sensitive data is stored. You just need to store public keys, counters, certificate chains (optional). You or the users can decide anonymize the data you collect.
The data does not pose any risk if leaked.