Adding an "app-aware" permissions framework to your site can allow your clients to administer themselves. Here's a pattern using Enums, allowing for compile time validation and permission types that can be discovered by reflection
Hashing your passwords is not enough, there are a number of hash databases which store huge numbers of hash values which act as a reverse lookup revealing your passwords true identity.
There are a lot of passwords in my head from numerous sites of which I am a member. I try not to use the same password for any two sites because ...