From a user’s browser to the server, the password is sent in plaintext but is encrypted over HTTPS via the POST method, which is standard practice. But from server to database, it is not transmitted/stored in plain text.
We strongly recommend to integrate the EPC Application with the User and Access Management of the Clients. Once this is done, there is no need for creating Users in the EPC Application.