diff --git a/ssoauth/auth_utils.py b/ssoauth/auth_utils.py
index cd86bf6e93bbb408f96bdaafcb0da43c9773b996..cf5b0ae24e21488277cc8e2496fa3bd21b4da12f 100644
--- a/ssoauth/auth_utils.py
+++ b/ssoauth/auth_utils.py
@@ -64,6 +64,8 @@ def get_or_create_user(uuid, username):
     def create_user(uuid, username):
         _validate_username(username)
         user = get_user_model().objects.create(username=username, is_staff=False)
+        user.set_unusable_password()
+        user.save()
         models.UserMapping.objects.create(user=user, uuid=uuid)
         logger.info("Created user: {username} {uuid}".format(**locals()))
         return user
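Review bot: In `create_user` the row is inserted by `objects.create(...)` before the added `set_unusable_password()` / `save()` run, so the account is written twice and briefly exists without the unusable-password marker. Building the instance unsaved avoids that: `user = get_user_model()(username=username, is_staff=False)`, then `user.set_unusable_password()` and a single `user.save()`. No transaction is visible around the user and `UserMapping` inserts, and the enclosing `get_or_create_user` starts outside the hunk. If it does not provide one, a failed mapping insert leaves a user with no mapping, so wrapping these statements in `transaction.atomic()` is worth considering.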
diff --git a/ssoauth/checks.py b/ssoauth/checks.py
index d68d8009770e7ae20baf482e5e522cea8b0c816b..93c054f0e8869c5bbac75575adeda99f6cfaff30 100644
--- a/ssoauth/checks.py
+++ b/ssoauth/checks.py
@@ -27,15 +27,11 @@ def _ignore_db_errors(function):
 def no_passwords_stored(app_configs, **kwargs):
     errors = list()
     user_model = get_user_model()
-    users_with_password = user_model.objects.exclude(password__isnull=True).exclude(password="")
-    if users_with_password:
-        errors.append(Error(
-            "Some users have their password stored in the database: {}".format(", ".join(u.username for u in users_with_password)),
-            obj=user_model
-        ))
-        for user in users_with_password:
-            user.password = str()
+    for user in user_model.objects.all():
+        if user.has_usable_password():
+            user.set_unusable_password()
             user.save()
+            errors.append(Warning("User \"{0}\" had usable password. Automatically fixed.".format(user), obj=user_model))
     return errors
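Review bot: `no_passwords_stored` now rewrites user rows from inside a system check, and the plain `user.save()` writes every column, so a check run that overlaps a concurrent edit of the same user can write stale values back over it. `user.save(update_fields=["password"])` limits the write to the field being reset. The loop over `user_model.objects.all()` also loads the whole user table on each check run; adding `.iterator()` would avoid caching the full queryset. Because the finding is downgraded from `Error` to `Warning` and fixed automatically, the check output is the only record that a credential was invalidated, so a `logger.warning(...)` naming the user would give operators an audit trail. Whether this module has a logger, and any decorator on the function, are outside the hunk.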