I have read with interest and empathy the discussions on never storing passwords as data in the solution. I appreciate the concerns, and would like to avoid the pitfalls.
I have a solution that needs to allow the customer to create their own user accounts. Scripting and managing that is easy: all done. At the point of upgrade to the next version we would have an import routine to import all of their data. As they will have created their own custom accounts we also need to replicate those into the upgrade clone. We can do that easily if we store the account names - and hence the passwords - in the database; but that is what is frowned upon, bigtime.
The users are often workgroups of 4-5 PCs - they have no need nor interest in a Domain and its Account management facilities. How can we avoid storing Account names and passwords in the database, yet have an upgrade routine that allows them to see exactly the same data and access features as they had before?