How are the users going to access the password? Via mobile app, browser, desktop app?

One way is to generate a temporary public-private key on the user-agent. Let the user-agent send the public key to the server. The server encrypts the data with the public key, sends the encrypted data to the user-agent and then deletes the public key. The user-agent then decrypts the received encrypted data using the private key. Once the data is decrypted, the user-agent deletes the public and private keys.