Make sure password verification is based on the defined types.

Eliminate char[] verification, this becomes quite problematic as the next question is do we support String, do we support a byte[] - these can then be supported by automatic conversion to a ClearPassword.