I have a legacy system that uses SHA1 for passwords as opposed to bcrypt, which is used by Laravel. For now, I need people to be able to access through both systems. I use the auth.attempt event to handle password conversion.