Ory Kratos does not explicitly document a built-in concept of an "unusable password" (such as a special value that will never match any user input). However, there are a few relevant points from the knowledge sources: - When importing credentials, you can set a password hash directly, or use a clear text password, which will be hashed and stored. There is no mention of a reserved value or mechanism for marking a password as unusable or permanently invalid. Users are expected to update their password via self-service flows if needed, but there is no documented way to set a password that will never match any input [Importing credentials](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#importing-credentials). - There is a password migration mechanism using a web hook, where you can import users with an empty password hash and a flag to trigger migration on first login. However, this is for migration purposes, not for marking a password as unusable [Password migration using a web hook](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#password-migration-using-a-web-hook). - There is a discussion about patching credentials, where a maintainer notes that you can technically update the password hash directly, but this is not recommended and may not be supported in the future. The recommended way is to use the intended API for updating credentials, but again, there is no mention of an "unusable password" feature [Is credentials patching supported?](https://github.com/ory/kratos/discussions/4395). In summary, the knowledge sources do not describe a supported or documented way to save an "unusable password" in Kratos that will never be evaluated as matching another one. If you need to disable password login for a user, you may want to consider disabling the password strategy for that identity or using another supported mechanism, but this is not explicitly covered in the provided documentation.