After Password Hash Export - Some Users Have custom_password_hash Value

Problem statement

We recently requested an export of our user password hashes. We noticed some users who had a custom_password_hash had a sha256 password hash value in the format of 2.0$$$. Can we get some help interpreting this?

Solution

These users have been imported through a Bulk User Import, and had a custom_password_hash for that import. The hashes that start with 2.0$ are encrypted hashes. The first time a user logs in after import, Auth0 replaces that encrypted hash with a valid Auth0 hash. The users who still have this 2.0$ password hash never logged in with Auth0.

It is not possible to receive the password hash export with the Auth0 hashes if they have never logged in with Auth0.