Unreadable local parameter

When password hashing is at least partially implemented in a dedicated device (e.g., in a hardware security module or a dedicated server), it becomes possible to embed a local parameter in the device.

If the local parameter is unreadable by the host system (e.g., by a server doing password authentication), this buys us an extra layer of security.

Need to have a backup copy, e.g., a cluster of multiple HSMs and/or a piece of paper in the CEO's safe.
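
An added sketch of the scheme above (not from the original slides): the host does the salted, iterated part, and a device the host cannot read applies the local parameter. The `HashingDevice` class and its interface, the PBKDF2 host stage and the HMAC-SHA-256 device stage are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class HashingDevice:
    """Stand-in for an HSM or dedicated server (hypothetical interface)."""

    def __init__(self, local_param=None):
        # Generated inside the device; no method ever returns it to the host.
        self.__local_param = local_param or secrets.token_bytes(32)

    def finalize(self, partial_hash: bytes) -> bytes:
        # The only operation the host can request: a keyed transform.
        return hmac.new(self.__local_param, partial_hash, hashlib.sha256).digest()

    def clone_for_backup(self) -> "HashingDevice":
        # Models provisioning a second cluster member with the same parameter.
        return HashingDevice(self.__local_param)


def host_stretch(password: str, salt: bytes) -> bytes:
    # Host-side stage (assumption: PBKDF2-HMAC-SHA256, 100,000 iterations).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(device, password):
    salt = secrets.token_bytes(16)
    return salt, device.finalize(host_stretch(password, salt))


def verify(device, record, password):
    salt, stored = record
    candidate = device.finalize(host_stretch(password, salt))
    return hmac.compare_digest(candidate, stored)


def demo():
    primary = HashingDevice()
    record = enroll(primary, "correct horse")  # constructed sample password
    backup = primary.clone_for_backup()
    unrelated = HashingDevice()  # holds a different local parameter
    return {
        "primary_ok": verify(primary, record, "correct horse"),
        "wrong_password": verify(primary, record, "wrong guess"),
        "backup_ok": verify(backup, record, "correct horse"),
        "without_param": verify(unrelated, record, "correct horse"),
    }
```

The `without_param` result covers both sides of the slide: a copied password database cannot be checked without the device, and if the only device is lost with no backup, every stored record becomes unverifiable.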