Passwords are encrypted with BCrypt
 
	And the password sending was removed after the testing phase, we just missed off removing from the email
 
	To reset password we have it send an auth code to the email which you enter upon a reset password page to change the password.