but what we'd really like is: a user has a name, and you can ask if its password is correct