but what we'd really like is:
        
        a user has a name, and you can ask if its password is correct