diff --git a/object/token.go b/object/token.go
index 38c76a28..45150f76 100644
--- a/object/token.go
+++ b/object/token.go
@@ -522,7 +522,8 @@ func GetPasswordToken(application *Application, username string, password string
 	if user == nil {
 		return nil, errors.New("error: the user does not exist")
 	}
-	if user.Password != password {
+	msg := CheckPassword(user, password)
+	if msg != "" {
 		return nil, errors.New("error: invalid username or password")
 	}
 	if user.IsForbidden {