My app has a pre-subscription system to allow users to subscribe without password.
But malicious users who haven\'t finished their subscription (= don\'t have a password
