diff --git a/app/Entities/Users/User.php b/app/Entities/Users/User.php
index 44e81ed..59eb7f0 100644
--- a/app/Entities/Users/User.php
+++ b/app/Entities/Users/User.php
@@ -24,16 +24,6 @@ class User extends Authenticatable
 protected $hidden = ['password', 'remember_token', 'api_token'];
 /**
- * Set user password attribute on save.
- *
- * @param void
- */
- public function setPasswordAttribute($value)
- {
- $this->attributes['password'] = bcrypt($value);
- }
-
- /**
 * Show user name with link to user detail.
 *
 * @return Illuminate\Support\HtmlString
diff --git a/app/Http/Controllers/Auth/ChangePasswordController.php b/app/Http/Controllers/Auth/ChangePasswordController.php
index 34f698e..3106b5f 100644
--- a/app/Http/Controllers/Auth/ChangePasswordController.php
+++ b/app/Http/Controllers/Auth/ChangePasswordController.php
@@ -43,7 +43,7 @@ class ChangePasswordController extends Controller
 if (app('hash')->check($input['old_password'], auth()->user()->password)) {
 $user = auth()->user();
- $user->password = $input['password'];
+ $user->password = bcrypt($input['password']);
 $user->save();
 flash(trans('auth.password_changed'), 'success');
diff --git a/app/Http/Controllers/InstallationController.php b/app/Http/Controllers/InstallationController.php
index 5fd8976..21531fe 100755
--- a/app/Http/Controllers/InstallationController.php
+++ b/app/Http/Controllers/InstallationController.php
@@ -48,6 +48,7 @@ class InstallationController extends Controller
 $adminData = $request->only('name', 'email', 'password');
 $adminData['api_token'] = str_random(32);
+ $adminData['password'] = bcrypt($adminData['password']);
 $admin = User::create($adminData);
 $admin->assignRole('admin');
diff --git a/app/Http/Controllers/Users/UsersController.php b/app/Http/Controllers/Users/UsersController.php
index 2b987b3..085f191 100755
--- a/app/Http/Controllers/Users/UsersController.php
+++ b/app/Http/Controllers/Users/UsersController.php
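Review bot: Nothing on the User model documents that `password` must now arrive already hashed, yet `$user->password = bcrypt($input['password']);` in ChangePasswordController and `$adminData['password'] = bcrypt($adminData['password']);` in InstallationController are the only things keeping plaintext out of the column once `setPasswordAttribute` is removed. Any writer not touched by this diff (seeders, a reset flow, API endpoints) that still assigns the raw value would store it unhashed, so those paths should be checked before merging. I would add a comment next to `$hidden` in User.php such as `// 'password' must be hashed by the caller; the model no longer hashes on assignment.` Both controller methods start and end outside their hunks, so other assignments in them are not visible here.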
@@ -37,8 +37,10 @@ class UsersController extends Controller
 'role' => 'required|array',
 ]);
- if (!$userData['password']) {
- $userData['password'] = \Option::get('password_default', 'member');
+ if ($userData['password']) {
+ $userData['password'] = bcrypt($userData['password']);
+ } else {
+ $userData['password'] = bcrypt(\Option::get('password_default', 'member'));
 }
 $userData['api_token'] = str_random(32);
@@ -90,6 +92,9 @@ class UsersController extends Controller
 'lang' => 'required|string|in:en,id',
 ]);
+ if ($userData['password']) {
+ $userData['password'] = bcrypt($userData['password']);
+ }
 $user->update($userData);
 \DB::table('user_roles')->where(['user_id' => $user->id])->delete();
diff --git a/database/factories/ModelFactory.php b/database/factories/ModelFactory.php
index 9b7deed..dcedcca 100644
--- a/database/factories/ModelFactory.php
+++ b/database/factories/ModelFactory.php
@@ -10,7 +10,7 @@ $factory->define(User::class, function (Faker\Generator $faker) {
 return [
 'name' => $faker->name,
 'email' => $faker->unique()->email,
- 'password' => 'member',
+ 'password' => '$2y$10$TKh8H1.PfQx37YgCzwiKb.KjNyWgaHb9cbcoQgdIVFlYg7B77UdFm', // secret
 'remember_token' => str_random(10),
 'api_token' => str_random(32),
 'lang' => 'en',
diff --git a/tests/Feature/Auth/ChangePasswordTest.php b/tests/Feature/Auth/ChangePasswordTest.php
index 8cee67f..90aa3d2 100644
--- a/tests/Feature/Auth/ChangePasswordTest.php
+++ b/tests/Feature/Auth/ChangePasswordTest.php
@@ -24,12 +24,12 @@ class ChangePasswordTest extends TestCase
 ]);
 $this->see(trans('auth.old_password_failed'));
 $this->assertTrue(
- app('hash')->check('member', $user->password),
+ app('hash')->check('secret', $user->password),
 'The password shouldn\'t changed!'
 );
 $this->submitForm(trans('auth.change_password'), [
- 'old_password' => 'member',
+ 'old_password' => 'secret',
 'password' => 'rahasia',
 'password_confirmation' => 'rahasia',
 ]);
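Review bot: In the first UsersController hunk (user creation), the `else` branch still gives every account created without a password the same credential, `\Option::get('password_default', 'member')`, with the literal `member` as the fallback. Hashing that value does not make it any less guessable. I would either make the field required or set a per-user random value, e.g. `$userData['password'] = bcrypt(str_random(32));`, paired with a reset or first-login change flow. The enclosing method starts and ends outside the hunk, so whether a forced change already exists elsewhere cannot be seen from here.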
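Review bot: In the second UsersController hunk (update), the new `if ($userData['password'])` has no `else`, so a blank password field is passed unchanged into `$user->update($userData)`. With the model mutator removed by this commit, the empty or null value would overwrite the stored hash, assuming `password` is mass-assignable (as `User::create($adminData)` in InstallationController suggests) and nothing outside the hunk strips it. Add `else { unset($userData['password']); }` before the update so a blank field means "keep the current password". The method starts and ends outside the hunk.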
diff --git a/tests/Feature/Auth/LoginTest.php b/tests/Feature/Auth/LoginTest.php
index a96c141..2e525b1 100644
--- a/tests/Feature/Auth/LoginTest.php
+++ b/tests/Feature/Auth/LoginTest.php
@@ -19,7 +19,7 @@ class LoginTest extends TestCase
 $this->submitForm(trans('auth.login'), [
 'email' => 'email@mail.com',
- 'password' => 'member',
+ 'password' => 'secret',
 ]);
 $this->see(trans('auth.welcome', ['name' => $user->name]));
diff --git a/tests/Feature/Users/ManageUsersTest.php b/tests/Feature/Users/ManageUsersTest.php
index e54dd13..02e857c 100644
--- a/tests/Feature/Users/ManageUsersTest.php
+++ b/tests/Feature/Users/ManageUsersTest.php
@@ -113,6 +113,11 @@ class ManageUsersTest extends TestCase
 'user_id' => $user2->id,
 'role_id' => 2,
 ]);
+
+ $this->assertTrue(
+ app('hash')->check('password', $user2->fresh()->password),
+ 'The password should changed!'
+ );
 }
 /** @test */
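Review bot: The assertion added in ManageUsersTest covers only an update that supplies a new password; nothing checks that an update with the password field left blank keeps the existing hash. A companion test ending in `$this->assertTrue(app('hash')->check('secret', $user2->fresh()->password));` would pin that, since the factory hash in this commit is annotated as `secret`. The test method starts outside the hunk, so the submitted form values are inferred from the `'password'` literal in the check.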