Yes, individual users set and maintain their own passwords. These are not known by our helpdesk staff and can be prompted to be changed regularly (typically monthly) just like an in-house server.