re-wrote password handling to be cleaner (somewhat), remember ok passwords so we can distinguish between unknown and known passwords as well as ignore single SEQ-ID errors