Currently the password protected endpoints seem to be using a plain password scheme. There should be an endpoint using a digested password.