We're going to need to use this from places that aren't password auth, so let's move it to a proper class.