Instead of storing the password, could tokens be used? This would enable:

• deauthorizing clients
• not storing someone's garbage quality password locally