Our auditors never even got as far as passwords. They were upset that the Logon Prompt MPE XL: would inform potential hackers what system they were hacking in to. I'm not sure Auditors take reality into consideration.