It could be interesting for the developer to observe when a credential is updated in order to validate against certain rules, like the Password strength, for example. A Bean Validation implementation could be provided by default.