diff --git a/flask_security/utils.py b/flask_security/utils.py
index f75a17e..5698322 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -135,7 +135,7 @@ def verify_and_update_password(password, user):
 password = get_hmac(password)
 verified, new_password = _pwd_context.verify_and_update(password, user.password)
 if verified and new_password:
- user.password = new_password
+ user.password = encrypt_password(password)
 _datastore.put(user)
 return verified
diff --git a/tests/test_misc.py b/tests/test_misc.py
index 9b76457..96111aa 100644
--- a/tests/test_misc.py
+++ b/tests/test_misc.py
@@ -171,6 +171,11 @@ def test_change_hash_type(app, sqlalchemy_datastore):
 response = client.post('/login', data=dict(email='matt@lp.com', password='password'))
 assert response.status_code == 302
+ response = client.get('/logout')
+
+ response = client.post('/login', data=dict(email='matt@lp.com', password='password'))
+ assert response.status_code == 302
+
 def test_md5():
 data = md5(b'hello')
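Review bot: In verify_and_update_password (flask_security/utils.py), the new `encrypt_password(password)` call receives `password` after the context line `password = get_hmac(password)` may already have rebound it to the HMAC digest. encrypt_password is not shown in this diff; if it applies get_hmac itself, a hash migrated from a non-plaintext scheme would be derived from a doubly-HMAC'd value and the user's next login would fail to verify. Keeping the submitted value separately avoids that: bind `raw_password = password` before the rebind and store `user.password = encrypt_password(raw_password)`. The function starts above the hunk, so the condition guarding the get_hmac line is not visible here.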
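Review bot: The second login added to test_change_hash_type (tests/test_misc.py) asserts only the 302, and the test's setup lies above the hunk, so it is not visible which scheme the stored password starts in. If it starts as plaintext only, the path where the password is HMAC'd before verification and then re-hashed is not covered; a second case starting from a hashed scheme, with the same logout and re-login, would cover it. It would also help to assert that the stored value changed after the first login, so the test fails if no re-hash happened.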