diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 849a1c7..a18cd82 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -157,7 +157,8 @@ func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http
 		user := (*User)(nil)
 		if username != "" {
 			if user, _ = auth.GetUser(username); err != nil {
-				log.Warnf("login of unkown user %#v", username)
+				// log.Warnf("login of unkown user %#v", username)
+				_ = err
 			}
 		}
 
diff --git a/internal/auth/users.go b/internal/auth/users.go
index f21bafa..0de710f 100644
--- a/internal/auth/users.go
+++ b/internal/auth/users.go
@@ -11,6 +11,7 @@ import (
 	"github.com/ClusterCockpit/cc-backend/pkg/log"
 	sq "github.com/Masterminds/squirrel"
 	"github.com/jmoiron/sqlx"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func (auth *Authentication) GetUser(username string) (*User, error) {
@@ -36,8 +37,14 @@ func (auth *Authentication) GetUser(username string) (*User, error) {
 
 func (auth *Authentication) AddUser(user *User) error {
 	rolesJson, _ := json.Marshal(user.Roles)
+
+	password, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return err
+	}
+
 	cols := []string{"username", "password", "roles"}
-	vals := []interface{}{user.Username, user.Password, string(rolesJson)}
+	vals := []interface{}{user.Username, string(password), string(rolesJson)}
 	if user.Name != "" {
 		cols = append(cols, "name")
 		vals = append(vals, user.Name)