I might suggest that although you are connecting to your php server over an https connection, to be more secure you could generate the hash on your app then store the hash as the password on the server. You would only need to do a password comparison (hash v hash) when signing in.
1 Like