diff --git a/docsite/rst/faq.rst b/docsite/rst/faq.rst
index 2ef04b17ca4..747fbccba32 100644
--- a/docsite/rst/faq.rst
+++ b/docsite/rst/faq.rst
@@ -276,6 +276,9 @@ Once the library is ready, SHA512 password values can then be generated as follo
 
     python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
 
+Use the integrated :ref:`hash_filters` to generate a hashed version of a password.
+You shouldn't put plaintext passwords in your playbook or host_vars, better use :doc:`playbooks_vault` to encrypt sensitive data.
+
 .. _commercial_support:
 
 Can I get training on Ansible or find commercial support?