diff --git a/src/api/app/controllers/webui/user_controller.rb b/src/api/app/controllers/webui/user_controller.rb
index 6fc44ebb5953a39a863ddec42f50ec8f6d0a9f29..cbb86da090601a4f0dc66e6983f83ef6c25a45dc 100644
--- a/src/api/app/controllers/webui/user_controller.rb
+++ b/src/api/app/controllers/webui/user_controller.rb
@@ -217,7 +217,7 @@ class Webui::UserController < Webui::WebuiController
 
   def change_password
     # check the valid of the params
-    unless User.current.password_equals?(params[:password])
+    unless User.current.password_equals?(params[:password]) || User.current.password_invalid?
       errmsg = 'The value of current password does not match your current password. Please enter the password and try again.'
     end
     if not params[:new_password] == params[:repeat_password]
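Review bot: The added `|| User.current.password_invalid?` lets any authenticated session for an account whose hash type is 'invalid' set a new password without proving the old one, so the session is the only gate at that point. That looks intended for accounts whose password was invalidated, but the line should say so, e.g. `# accounts with an invalidated password have no current password to verify`. The change is also worth recording in whatever audit log the application keeps. It makes the `password_hash_type` column security-relevant: any other code path that can write 'invalid' into it switches this check off, so writers of that column should be reviewed. `change_password` continues past the end of the hunk.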
diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
index 4e0f71a7a73f8d7dd4f4762a832f5bd6ec38704a..c2851a38eae6f2f4c0a154cee2a0a2ca5550aef5 100644
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -23,7 +23,7 @@ class User < ActiveRecord::Base
   include ActiveModel::Dirty
   include CanRenderModel
 
-  PASSWORD_HASH_TYPES = ['md5', 'md5crypt', 'sha256crypt']
+  PASSWORD_HASH_TYPES = ['md5', 'md5crypt', 'sha256crypt', 'invalid']
 
   STATES = {
     'unconfirmed'        => 1,
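Review bot: Adding 'invalid' to `PASSWORD_HASH_TYPES` puts a sentinel state into what reads as the list of supported hashing algorithms. If this constant backs an inclusion validation or a selectable hash type (not visible here), 'invalid' becomes an accepted value on those paths too. Elsewhere in this commit that value makes `password_equals?` always return false and makes the controller skip the current-password check. A separate constant keeps the two apart, e.g. `PASSWORD_HASH_TYPE_INVALID = 'invalid'`, with the validation allowing `PASSWORD_HASH_TYPES + [PASSWORD_HASH_TYPE_INVALID]` only where the marker is meant to be stored.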
@@ -131,6 +131,9 @@ class User < ActiveRecord::Base
   #
   def update_password(pass)
     password_will_change!
+    if password_invalid?
+      self.password_hash_type = 'sha256crypt'
+    end
     self.password_crypted = hash_string(pass).crypt('os')
     self.password_confirmation = hash_string(pass)
     self.password = hash_string(pass)
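Review bot: The switch to 'sha256crypt' has to run before the `hash_string(pass)` calls that follow, and nothing on these lines says so. Elsewhere in this commit `hash_string` returns the literal string 'invalid' for that hash type, so reordering would store 'invalid' as the password. A comment such as `# must precede hash_string: type 'invalid' hashes every input to the literal 'invalid'` would pin that down. The visible lines also do not regenerate `password_salt`; if an invalidated account can carry an empty or reused salt (not visible here), the new hash inherits it, which is worth confirming. `update_password` continues past the end of the hunk.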
@@ -311,7 +314,11 @@ class User < ActiveRecord::Base
   # This method checks whether the given value equals the password when
   # hashed with this user's password hash type. Returns a boolean.
   def password_equals?(value)
-    hash_string(value) == self.password
+    hash_string(value) == self.password && !password_invalid?
+  end
+
+  def password_invalid?
+    self.password_hash_type == 'invalid'
   end
 
   # Sets the last login time and saves the object. Note: Must currently be
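Review bot: `password_equals?` still hashes and compares before it looks at `password_invalid?`, so its correctness for invalidated accounts rests entirely on the trailing `&& !password_invalid?`. With the new fallback in `hash_string`, the left-hand side is true for any input whenever the stored password is the string 'invalid'. Putting the guard first, `return false if password_invalid?`, makes the rule explicit and skips hashing for those accounts. `password_invalid?` is also added without a comment while its neighbours have one; `# Returns true when the password hash type is the 'invalid' marker; password_equals? never matches for such a user.` would fit.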
@@ -1048,6 +1055,8 @@ class User < ActiveRecord::Base
       Digest::MD5.hexdigest(value + password_salt)
     elsif crypt2index.keys.include?(password_hash_type)
       value.crypt("$#{crypt2index[password_hash_type]}$#{password_salt}$").split("$")[3]
+    else
+      'invalid'
     end
   end
 
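Review bot: The new `else` returns 'invalid' for every hash type the branches above do not recognise, not only for the 'invalid' marker. For a user whose type is unrecognised but not 'invalid', `update_password` would store the literal 'invalid', and `password_equals?` would then return true for any input because `password_invalid?` is false for that user. Limiting the constant to the marker and failing loudly otherwise closes that gap: `elsif password_invalid?` returning 'invalid', then `else raise ArgumentError, "unsupported password hash type"`. Whether a validation on `password_hash_type` already rules out such rows is not visible here. `hash_string` begins before the hunk.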
diff --git a/src/api/app/views/webui/user/_password_dialog.html.erb b/src/api/app/views/webui/user/_password_dialog.html.erb
index 45172f02197b98717b69dd3a2e4681b8b6dc04af..c5113acc309f040e9a78f47a44fd90129564fa51 100644
--- a/src/api/app/views/webui/user/_password_dialog.html.erb
+++ b/src/api/app/views/webui/user/_password_dialog.html.erb
@@ -5,10 +5,12 @@
   <h2 class="box-header">Change Your Password</h2>
   <div class="dialog-content">
     <%= form_tag(:action => 'change_password') do %>
+      <% if !User.current.password_invalid? %>
       <p>
         <%= label_tag :password, 'Current Password:' %><br/>
         <%= text_field_tag :password, nil, :type => 'password', :required => 'true'%>
       </p>
+      <% end %>
       <p>
         <%= label_tag :new_password, 'New Password:' %><br/>
         <%= text_field_tag :new_password, nil, :type => 'password', :autocomplete => 'off', :required => 'true' %>
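Review bot: `<% if !User.current.password_invalid? %>` reads more naturally as `<% unless User.current.password_invalid? %>`, and the wrapped `<p>` block should be indented one level under it. When the field is hidden, the form gives no hint why the current password is not requested. A short line of text for invalidated accounts would let users tell this state apart from a broken page.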