diff --git a/TShockAPI/Commands.cs b/TShockAPI/Commands.cs
index e048b58d..0d6c7275 100755
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@@ -740,7 +740,7 @@ namespace TShockAPI
}
User user = TShock.Users.GetUserByName(args.Player.Name);
- string encrPass = "";
+ string password = "";
bool usingUUID = false;
if (args.Parameters.Count == 0 && !TShock.Config.DisableUUIDLogin)
{
@@ -754,7 +754,7 @@ namespace TShockAPI
if (Hooks.PlayerHooks.OnPlayerPreLogin(args.Player, args.Player.Name, args.Parameters[0]))
return;
user = TShock.Users.GetUserByName(args.Player.Name);
- encrPass = TShock.Utils.HashPassword(args.Parameters[0]);
+ password = args.Parameters[0];
}
else if (args.Parameters.Count == 2 && TShock.Config.AllowLoginAnyUsername)
{
@@ -762,7 +762,7 @@ namespace TShockAPI
return;
user = TShock.Users.GetUserByName(args.Parameters[0]);
- encrPass = TShock.Utils.HashPassword(args.Parameters[1]);
+ password = args.Parameters[1];
if (String.IsNullOrEmpty(args.Parameters[0]))
{
args.Player.SendErrorMessage("Bad login attempt.");
@@ -783,7 +783,7 @@ namespace TShockAPI
{
args.Player.SendErrorMessage("A user by that name does not exist.");
}
- else if (user.Password.ToUpper() == encrPass.ToUpper() ||
+ else if (user.VerifyPassword(password) ||
(usingUUID && user.UUID == args.Player.UUID && !TShock.Config.DisableUUIDLogin &&
!String.IsNullOrWhiteSpace(args.Player.UUID)))
{
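Review bot: On the UUID login path `password` is still the empty string, yet `user.VerifyPassword(password)` is the first operand of the `else if`, so it runs against "" before the UUID comparison is reached. VerifyPassword is not shown in this diff; if it is deliberately slow, or throws on empty input, that cost or exception lands on a login that never supplied a password. An account whose stored hash happens to verify against "" would also be accepted here regardless of UUID. Guarding the first operand keeps the two paths separate: `else if ((!usingUUID && user.VerifyPassword(password)) ||`. The enclosing method begins and ends outside the hunk.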
@@ -888,8 +888,8 @@ namespace TShockAPI
if (args.Player.IsLoggedIn && args.Parameters.Count == 2)
{
var user = TShock.Users.GetUserByName(args.Player.UserAccountName);
- string encrPass = TShock.Utils.HashPassword(args.Parameters[0]);
- if (user.Password.ToUpper() == encrPass.ToUpper())
+ string password = args.Parameters[0];
+ if (user.VerifyPassword(password))
{
args.Player.SendSuccessMessage("You changed your password!");
TShock.Users.SetUserPassword(user, args.Parameters[1]); // SetUserPassword will hash it for you.
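Review bot: `user` is dereferenced by `user.VerifyPassword(password)` without a null check, although the GetDataHandlers.cs hunk in this same commit tests `user != null` after the same lookup. GetUserByName can therefore presumably return null, for example if the account was removed while the player stayed logged in. `if (user != null && user.VerifyPassword(password))` avoids a NullReferenceException in the command handler. Separately, the success message is sent before `SetUserPassword` runs, so a failure in that call would still tell the player the password changed; calling `SetUserPassword` first and sending the message afterwards fixes that.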
diff --git a/TShockAPI/DB/UserManager.cs b/TShockAPI/DB/UserManager.cs
index 571fd0d7..713da3cd 100755
--- a/TShockAPI/DB/UserManager.cs
+++ b/TShockAPI/DB/UserManager.cs
@@ -115,7 +115,7 @@ namespace TShockAPI.DB
try
{
if (
- database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", TShock.Utils.HashPassword(password),
+ database.Query("UPDATE Users SET Password = @0 WHERE Username = @1;", user.Password,
user.Name) == 0)
throw new UserNotExistException(user.Name);
}
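Review bot: The UPDATE now binds `user.Password` instead of a hash of the `password` argument, and nothing visible in this hunk assigns the new value to `user.Password` first. If the lines above the hunk do not hash `password` into `user.Password`, this statement writes the existing hash back and the password change silently does nothing while callers report success. If `user.Password` is instead set from the raw argument, plaintext would be stored. The method starts outside the hunk, so please confirm the assignment exists and record it in a comment next to the query, e.g. `// user.Password must already hold the freshly computed hash of 'password' at this point`.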
diff --git a/TShockAPI/GetDataHandlers.cs b/TShockAPI/GetDataHandlers.cs
index cfda3486..3599267b 100755
--- a/TShockAPI/GetDataHandlers.cs
+++ b/TShockAPI/GetDataHandlers.cs
@@ -1512,8 +1512,7 @@ namespace TShockAPI
var user = TShock.Users.GetUserByName(args.Player.Name);
if (user != null && !TShock.Config.DisableLoginBeforeJoin)
{
- string encrPass = TShock.Utils.HashPassword(password);
- if (user.Password.ToUpper() == encrPass.ToUpper())
+ if (user.VerifyPassword(password))
{
args.Player.RequiresPassword = false;
args.Player.PlayerData = TShock.CharacterDB.GetPlayerData(args.Player, TShock.Users.GetUserID(args.Player.Name));
diff --git a/TShockAPI/Rest/SecureRest.cs b/TShockAPI/Rest/SecureRest.cs
index 0913a87d..ee33e5a6 100644
--- a/TShockAPI/Rest/SecureRest.cs
+++ b/TShockAPI/Rest/SecureRest.cs
@@ -132,7 +132,7 @@ namespace Rests
if (userAccount == null)
return new RestObject("401") { Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." };
- if (!TShock.Utils.HashPassword(password).Equals(userAccount.Password, StringComparison.InvariantCultureIgnoreCase))
+ if (!userAccount.VerifyPassword(password))
return new RestObject("401")
{ Error = "Invalid username/password combination provided. Please re-submit your query with a correct pair." };
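Review bot: The `userAccount == null` branch returns without doing any hashing while this branch runs `VerifyPassword`, so the two 401 responses can differ in response time even though their text is identical. The gap widens if VerifyPassword uses a deliberately slow hash; its implementation is not part of this diff. If hiding account existence matters for the REST endpoint, run the verification against a fixed dummy hash when the account is missing, and confirm that VerifyPassword compares digests in constant time rather than with string equality. A comment above the check would record the expectation: `// Both 401 paths should do equivalent work so account existence is not inferable from timing.`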
diff --git a/TShockAPI/Utils.cs b/TShockAPI/Utils.cs
index bdb82b9c..f73386e4 100644
--- a/TShockAPI/Utils.cs
+++ b/TShockAPI/Utils.cs
@@ -723,7 +723,7 @@ namespace TShockAPI
///
/// Default hashing algorithm.
///
- [Obsolete("This is no longer necessary, please use TShock.Config.HashAlgorithm instead.")]
+ [Obsolete("This is no longer necessary, please use TShock.Config.HashAlgorithm instead if you really need it (but use User.VerifyPassword(password)) for verifying passwords.")]
public string HashAlgo = "sha512";
///
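Review bot: The new `[Obsolete]` text closes its parenthetical before "for verifying passwords", so the sentence reads as if HashAlgorithm were the thing to use for verification. Since this message is what plugin authors see as a compiler warning, a plainer wording would steer them better: `[Obsolete("Use TShock.Config.HashAlgorithm instead; to check a password, call User.VerifyPassword(password) rather than hashing and comparing yourself.")]`.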