Wednesday, March 05, 2008

Passwords should not be in a regular branch

If passwords are kept in a branch, then there will be much confusion when rolling back to an earlier branch. Similarly, it makes no sense to have account ledgers in every branch or database, as a user needs to be able to review a consolidated ledger--and all logins should be against a single master account. At the same time, users should have a user rolon in every branch they are active in--permissions may differ, and for each branch we should be able to view the activities of each user.

So let us say that there is a master branch in a master database where the master accounts are maintained--which contain the account ledger, the password and little else. One logs into the master db and gets a token, which can then be used without subsequent access to the master db as the server will maintain the valid tokens in memory.

A user then needs a master account before they can have an account in another database or branch.
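A minimal sketch of the arrangement described above, added here as an illustration and not code from the original post or its project. The class and method names, the PBKDF2 parameters, the one-hour token lifetime and the explicit `now` argument are all assumptions.

```python
import hashlib, hmac, secrets

class MasterDB:
    """Master accounts: password verifier and ledger, little else."""
    def __init__(self):
        self.accounts = {}  # name -> {"salt", "hash", "ledger"}

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def create_account(self, name, password):
        salt = secrets.token_bytes(16)
        self.accounts[name] = {"salt": salt, "hash": self._kdf(password, salt), "ledger": []}

    def verify(self, name, password):
        acct = self.accounts.get(name)
        return acct is not None and hmac.compare_digest(
            acct["hash"], self._kdf(password, acct["salt"]))

class Server:
    def __init__(self, master):
        self.master = master
        self.tokens = {}    # token -> (name, expiry); held in memory only
        self.branches = {}  # branch -> {name: set of permissions}

    def login(self, name, password, now, ttl=3600):
        """The only step that touches the master database."""
        if not self.master.verify(name, password):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (name, now + ttl)
        return token

    def user_for(self, token, now):
        name, expiry = self.tokens.get(token, (None, 0))
        if name is None or now >= expiry:
            self.tokens.pop(token, None)  # drop expired or unknown tokens
            return None
        return name

    def add_branch_user(self, branch, name, permissions):
        if name not in self.master.accounts:  # master account comes first
            raise KeyError(f"{name} has no master account")
        self.branches.setdefault(branch, {})[name] = set(permissions)

    def allowed(self, token, branch, action, now):
        name = self.user_for(token, now)
        return name is not None and action in self.branches.get(branch, {}).get(name, ())
```

Because the password verifier lives only in `MasterDB`, replacing a branch's user table with an earlier snapshot changes that branch's permissions but never the credentials.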
