Customers should not remove the *PW00= record as that is where the password is stored.
Without password phrases, you can still keep the password in the USER record but once a password is changed, it goes to the *PW00 record.
VM:Secure will update both areas (USER record and *PW00= record) as long as you are using traditional passwords (8 characters or under). Once you go to password phrases, the *PW00= record will contain the password … period. The USER record will reflect the last traditional password used for that user ID.
The rest of the *PWnn= records (*PW01= through *PW99= ) are password history and in the case of NOLOG, AUTOONLY and LBYONLY entries, likely doesn’t mean much and can be deleted if you don’t care to check password history on a password change for these user IDs.
If you don’t want to collect any *PW01-*PW99 records, you should remove the *PW= record from those user IDs. Without a *PW= record we won’t keep password history at all so there would only be the *PW00 record for user IDs you don’t want history for. So, if you don’t want password history for a user ID, you should remove the *PW= record and can remove *PW01= through *PW99= records for those user IDs too.