Don’t store users’ passwords in cleartext. Really.
It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data.
That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information