diff --git a/sam/user.structs.go b/sam/user.structs.go
index 50e9c4b9c..4d0d1b814 100644
--- a/sam/user.structs.go
+++ b/sam/user.structs.go
@@ -1,10 +1,14 @@
 package sam
 
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
 // Users
 type User struct {
 	ID       uint64
 	Username string
-	Password string `json:"-"`
+	Password []byte `json:"-"`
 
 	changed []string
 }
@@ -35,14 +39,20 @@ func (u *User) SetUsername(value string) *User {
 	}
 	return u
 }
-func (u *User) GetPassword() string {
-	return u.Password
+
+func (u *User) SetPassword(value string) error {
+	if !u.ValidatePassword(value) {
+		if encrypted, err := bcrypt.GenerateFromPassword([]byte(value), bcrypt.DefaultCost); err != nil {
+			return err
+		} else {
+			u.Password = encrypted
+			u.changed = append(u.changed, "password")
+		}
+	}
+
+	return nil
 }
 
-func (u *User) SetPassword(value string) *User {
-	if u.Password != value {
-		u.changed = append(u.changed, "password")
-		u.Password = value
-	}
-	return u
+func (u User) ValidatePassword(value string) bool {
+	return bcrypt.CompareHashAndPassword(u.Password, []byte(value)) == nil
 }
diff --git a/sam/user.structs_test.go b/sam/user.structs_test.go
new file mode 100644
index 000000000..0bcb772f7
--- /dev/null
+++ b/sam/user.structs_test.go
@@ -0,0 +1,24 @@
+package sam
+
+import (
+	"testing"
+)
+
+func TestUser_SetPassword(t *testing.T) {
+	const dummyPwd = "Lorem ipsum dolor sit amet, consectetur adipiscing elit..."
+	dummy := &User{}
+	initChLen := len(dummy.changed)
+	dummy.SetPassword(dummyPwd)
+
+	if dummyPwd == string(dummy.Password) {
+		t.Error("Internal password value should be encrypted")
+	}
+
+	if len(dummy.changed) <= initChLen {
+		t.Error("Password change should be recorded")
+	}
+
+	if !dummy.ValidatePassword(dummyPwd) {
+		t.Error("Revalidating password should succeed")
+	}
+}