Dependent on #13 and #8 and #7 . I'm a fan of [secure-remote-password](https://www.npmjs.com/package/secure-remote-password), but I'm open to other methods as well. If we go with SRP, you'll need at least two endpoints.