Are custom hashes upgraded / updated
This article provides details about how passwords are hashed and encrypted for the purposes of migrations.
- custom hashes
- import database bulk
For Custom Databases in import mode, Auth0 will re-hash the password the user entered into the Universal Login form using bcrypt upon a successful login against the legacy database (or on signup, if signups are enabled).
For bulk imported users with custom hashes, if the hash has been imported correctly and Auth0 can reproduce it from the user's password using the same algorithm, Auth0 will re-hash the password using bcrypt, delete the old imported hash, and use the internally created bcrypt hash going forward.
In the event the hash does not match, Auth0 does not know whether the hash was imported incorrectly or the user provided the wrong password. Thus, it will report a wrong email or password error to the user, but the tenant logs will record this as a "type:fp" with a description of "Password change required."
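The upgrade-on-login flow described above, as an added sketch that is not Auth0's code. The legacy scheme (salted SHA-256), the record layout and the function names are assumptions, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Wrong email or password."


def legacy_hash(password, salt):
    # Hypothetical legacy scheme for the imported custom hash: SHA-256(salt || password).
    return hashlib.sha256(salt + password.encode()).digest()


def upgraded_hash(password, salt):
    # Stand-in for bcrypt, which is not in the Python standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_imported_user(password):
    # Constructed record, as it would look right after a bulk import.
    salt = os.urandom(16)
    return {"scheme": "legacy", "salt": salt, "hash": legacy_hash(password, salt)}


def login(user, password, log):
    """Verify a login attempt; upgrade the stored hash when a legacy hash matches."""
    hasher = legacy_hash if user["scheme"] == "legacy" else upgraded_hash
    candidate = hasher(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        if user["scheme"] == "legacy":
            # A wrong password and a badly imported hash are indistinguishable
            # here, so both produce the same log entry and the same user error.
            log.append({"type": "fp", "description": "Password change required."})
        return GENERIC_ERROR
    if user["scheme"] == "legacy":
        # The plaintext is only available now, at login: re-hash it with the
        # stronger function and overwrite (delete) the imported hash.
        salt = os.urandom(16)
        user.update(scheme="upgraded", salt=salt, hash=upgraded_hash(password, salt))
    return "ok"


if __name__ == "__main__":
    events = []
    user = make_imported_user("correct horse")  # constructed sample password
    print(login(user, "guess", events), user["scheme"], events)
    print(login(user, "correct horse", events), user["scheme"])
```

A user whose imported hash is corrupt gets the generic error even with the right password, so the hash is never upgraded; the `fp` entries in the tenant logs are the only signal that an import may need to be checked.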