diff --git a/functions.php b/functions.php
index a237aff5a..362f965a4 100644
--- a/functions.php
+++ b/functions.php
@@ -1423,16 +1423,18 @@
 
 		if (!SINGLE_USER_MODE) {
 
-			$pwd_hash = 'SHA1:' . sha1($password);
+			$pwd_hash1 = encrypt_password($password);
+			$pwd_hash2 = encrypt_password($password, $login);
 
 			if ($force_auth && defined('_DEBUG_USER_SWITCH')) {
 				$query = "SELECT id,login,access_level
 	            FROM ttrss_users WHERE
 		         login = '$login'";
 			} else {
-				$query = "SELECT id,login,access_level
+				$query = "SELECT id,login,access_level,pwd_hash
 	            FROM ttrss_users WHERE
-		         login = '$login' AND pwd_hash = '$pwd_hash'";
+					login = '$login' AND (pwd_hash = '$pwd_hash1' OR
+						pwd_hash = '$pwd_hash2')";
 			}
 
 			$result = db_query($link, $query);
@@ -1449,7 +1451,7 @@
 	
 				$_SESSION["theme"] = $user_theme;
 				$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
-				$_SESSION["pwd_hash"] = $pwd_hash;
+				$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
 	
 				initialize_user_prefs($link, $_SESSION["uid"]);
 	
@@ -4766,4 +4768,12 @@
 		return $url_path;
         }
 
+	function encrypt_password($pass, $login = '') {
+		if ($login) {
+			return "SHA1X:" . sha1("$login:$pass");
+		} else {
+			return "SHA1:" . sha1($pass);
+		}
+	}
+
 ?>
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index a3132ce4c..6c1934309 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -31,8 +31,12 @@
 				return;
 			}
 
-			$old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]);
-			$new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]);
+			$old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
+			$old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"],
+				$_SESSION["name"]);
+
+			$new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"],
+				$_SESSION["name"]);
 
 			$active_uid = $_SESSION["uid"];
 			
@@ -41,8 +45,8 @@
 				$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 
 				$result = db_query($link, "SELECT id FROM ttrss_users WHERE 
-					id = '$active_uid' AND (pwd_hash = '$old_pw' OR 
-						pwd_hash = '$old_pw_hash')");
+					id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR 
+						pwd_hash = '$old_pw_hash2')");
 
 				if (db_num_rows($result) == 1) {
 					db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'