A recent discussion among engineers at Neon explored reducing the number of SCRAM password hashing iterations from 4096 to just one, to cut CPU usage and minimize latency during database connections. The debate focused on balancing security and performance, given that OWASP recommends PBKDF2 with 600,000 iterations as a security best practice. Neon generates random passwords, which makes dictionary attacks infeasible, and the discussion suggested that increasing password length can compensate for fewer iterations while maintaining security against brute-force attacks. The analysis showed that the reduction from 4096 iterations to 1 can be offset by adding 12 bits to the password's length (4096 = 2^12), and concluded that longer passwords adequately offset reduced iterations, in line with Neon's goal of improving efficiency while ensuring security.
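The trade-off described above, as an added example that is not Neon's code: it derives a SCRAM-SHA-256 verifier at 4096 and at 1 iteration and computes how much password entropy offsets the difference. Function names, the sample password and the salt are constructed for illustration, and the cost model (attacker work = keyspace size times iterations per guess) is an assumption.

```python
import base64, hashlib, hmac, math

def hi(password: str, salt: bytes, iterations: int) -> bytes:
    # RFC 5802 Hi() is PBKDF2-HMAC with a single output block.
    # SASLprep is skipped: it is the identity for ASCII random passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def hi_single_round(password: str, salt: bytes) -> bytes:
    # With iterations=1, Hi() collapses to one HMAC over salt || INT(1).
    return hmac.new(password.encode(), salt + b"\x00\x00\x00\x01", hashlib.sha256).digest()

def scram_verifier(password: str, salt: bytes, iterations: int) -> str:
    # Verifier in the text form PostgreSQL stores for SCRAM-SHA-256.
    salted = hi(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def offline_guess_work(entropy_bits: int, iterations: int) -> int:
    # Assumed model: attacker cost = keyspace size x iterations per guess.
    return (2 ** entropy_bits) * iterations

def bits_to_offset(old_iterations: int, new_iterations: int) -> float:
    # Entropy (in bits) that must be added to keep attacker work constant.
    return math.log2(old_iterations / new_iterations)

def extra_chars(old_iterations: int, new_iterations: int, alphabet_size: int) -> int:
    # Whole characters of a uniformly random password that cover the lost bits.
    bits = bits_to_offset(old_iterations, new_iterations)
    return math.ceil(bits / math.log2(alphabet_size))

if __name__ == "__main__":
    password = "kT9vQ2mX7pLd4WzR"                            # constructed sample
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    for n in (4096, 1):
        print(scram_verifier(password, salt, n))
    print("bits to add:", bits_to_offset(4096, 1))
    print("extra chars (62-symbol alphabet):", extra_chars(4096, 1, 62))
```

Under this model a 128-bit random password at 4096 iterations costs an attacker the same as a 140-bit one at a single iteration; the fixed HMAC and hash steps after `Hi()` are ignored.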