is there a reason we’re not calling the nsec a password? probably should just do that i think…