Kentico uses default .NET framework methods - so, there is also some hash salt string being used and so on. The passwords are in the DB - so when you transfer the DB, the values and passwords are still the same. Where and how are you transferring the project? In cases like this it is safer e.g. to set some password policy or password expiration so the users are forced to change their passwords on the first logon.