Reply to post:

I'm still not sure what circumstances would require one to log passwords. I've coded a pile of authentication systems and even the highest debugging levels only ever logged username and success y/n - logging the password even to a secure database would be a massive no-no. That shit is salted and hashed into an unrecognisable mass by any dev who know their shit, and then it's stored in a heavily monitored cluster/store/whatever where you check exactly who looks at it because it's highly sensitive data. Right? I mean storing elsewhere as plaintext undoes any other security measures you might have (OK, 2fa defeats a lot of that, but few systems enforce 2fa, facebook does some half-assed geolocating stuff so chinese script-kiddies can't brute force you)