I have imported a test user using custom hash and login is working fine. However, after first successful login, I am not able to update custom password hash. Does that mean, Auth0 start using their default hashing algorithm for the user imported with custom password hash after the first success login? If not, is there a way to force rehashing of the password using different algorithm after first successful login?
But what if some start attacking with brute-force dictionary list for these imported users before they login for the first time? What should be the recommended way of protecting user imported with the custom password hash that’s been hashed using a weak algorithm?
Any help is much appreciated.