diff --git a/server/models/user.js b/server/models/user.js
index c6d6771b66ce0fa81c83214159fdfefafb1e3849..782a288876811064cb61f0f682537bee1b504f05 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -21,6 +21,14 @@ const User = {
 
   update: async function (userId, updates = {}) {
     try {
+      // Rehash new password if it exists as update
+      // will be given to us as plaintext.
+      if (updates.hasOwnProperty("password") && updates.password.length >= 8) {
+        updates.password = bcrypt.hashSync(updates.password, 10);
+      } else {
+        delete updates.password;
+      }
+
       await prisma.users.update({
         where: { id: parseInt(userId) },
         data: updates,