diff --git a/pandora_console/extras/mr/60.sql b/pandora_console/extras/mr/60.sql
index 638c4b3031..622e73c173 100644
--- a/pandora_console/extras/mr/60.sql
+++ b/pandora_console/extras/mr/60.sql
@@ -8,4 +8,6 @@ ALTER TABLE `tagent_custom_fields` ADD `is_link_enabled` TINYINT(1) NOT NULL DEF
 
 ALTER TABLE `tevent_filter` ADD COLUMN `owner_user` TEXT;
 ALTER TABLE `tevent_filter` ADD COLUMN `not_search` INT NOT NULL DEFAULT 0;
+ALTER TABLE `tusuario` MODIFY COLUMN `password` VARCHAR(60) DEFAULT NULL;
+
 COMMIT;
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 8725f0f819..8d222a2504 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -213,10 +213,16 @@ function process_user_login_local($login, $pass, $api=false)
 
     $row = db_get_row_sql($sql);
 
-    // Check that row exists, that password is not empty and that password is the same hash
-    if ($row !== false && $row['password'] !== md5('')
-        && $row['password'] == md5($pass)
-    ) {
+    // Perform password check whether it is MD5-hashed (old hashing) or Bcrypt-hashed.
+    if (strlen($row['password']) === 32) {
+        // MD5.
+        $credentials_check = $row !== false && $row['password'] !== md5('') && $row['password'] == md5($pass);
+    } else {
+        // Bcrypt.
+        $credentials_check = password_verify($pass, $row['password']);
+    }
+
+    if ($credentials_check === true) {
         // Login OK
         // Nick could be uppercase or lowercase (select in MySQL
         // is not case sensitive)
@@ -656,7 +662,7 @@ function create_user($id_user, $password, $user_info)
 {
     $values = $user_info;
     $values['id_user'] = $id_user;
-    $values['password'] = md5($password);
+    $values['password'] = password_hash($password, PASSWORD_BCRYPT);
     $values['last_connect'] = 0;
     $values['registered'] = get_system_time();
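Review bot: `VARCHAR(60)` fits a bcrypt hash exactly and leaves no headroom, which turns any future truncation into a silent lockout: under a non-strict `sql_mode` MySQL would cut a longer hash at 60 bytes and `password_verify()` would then fail for every affected user. The same width is set in the `pandoradb.sql` hunk further down. Since the column width is not otherwise constrained here, `ALTER TABLE tusuario MODIFY COLUMN password VARCHAR(255) DEFAULT NULL;` (and the matching width in `pandoradb.sql`) leaves room for `PASSWORD_DEFAULT` or a longer algorithm without another migration.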
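Review bot: `strlen($row['password'])` now runs before the `$row !== false` guard, so a login attempt for an unknown user indexes `false`, lands in the Bcrypt branch and calls `password_verify($pass, null)`, whereas the removed condition rejected a missing row up front; the not-found case should be rejected before the hash format is inspected. The legacy branch also keeps `==` for the MD5 comparison, which is loose type juggling between two strings, where `hash_equals()` gives a strict, constant-time check. Reading the stored hash into a validated string once keeps both branches working on the same value. `process_user_login_local()` starts and ends outside the hunk; a successful legacy login would be the natural point, after the `// Login OK` block, to rewrite the row with `password_hash()` so MD5 entries migrate over time.
```php
    $row = db_get_row_sql($sql);

    // Reject a missing user or an empty/legacy-empty hash before looking at the hash format.
    $stored_hash = ($row !== false && isset($row['password'])) ? (string) $row['password'] : '';
    if ($stored_hash === '' || $stored_hash === md5('')) {
        $credentials_check = false;
    } elseif (strlen($stored_hash) === 32) {
        // Legacy MD5 hash: strict, constant-time comparison instead of '=='.
        $credentials_check = hash_equals($stored_hash, md5($pass));
    } else {
        // Bcrypt (password_hash()) hash.
        $credentials_check = password_verify($pass, $stored_hash);
    }

    if ($credentials_check === true) {
        // … unchanged: login OK handling …
```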
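Review bot: bcrypt only hashes the first 72 bytes of its input, so `password_hash($password, PASSWORD_BCRYPT)` silently ignores the tail of a longer password; if the user form accepts such lengths, enforce the limit at validation time (`if (strlen($password) > 72) { ... }`) so the stored hash covers the whole passphrase. On PHP 7 `password_hash()` can also return `false` on failure, which would be written to the column as an empty password, so a check before assigning `$values['password']` is worth having unless the project is PHP 8 only. `create_user()` continues outside the hunk.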
@@ -766,7 +772,7 @@ function update_user_password(string $user, string $password_new)
 
     if (isset($config['auth']) === true && $config['auth'] === 'pandora') {
         $sql = sprintf(
-            "UPDATE tusuario SET password = '".md5($password_new)."', last_pass_change = '".date('Y-m-d H:i:s', get_system_time())."' WHERE id_user = '".$user."'"
+            "UPDATE tusuario SET password = '".password_hash($password_new, PASSWORD_BCRYPT)."', last_pass_change = '".date('Y-m-d H:i:s', get_system_time())."' WHERE id_user = '".$user."'"
         );
 
         $connection = mysql_connect_db(
@@ -786,7 +792,7 @@ function update_user_password(string $user, string $password_new)
         return db_process_sql_update(
             'tusuario',
             [
-                'password' => md5($password_new),
+                'password' => password_hash($password_new, PASSWORD_BCRYPT),
                 'last_pass_change' => date('Y/m/d H:i:s', get_system_time()),
             ],
             ['id_user' => $user]
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index f135db927e..c9f77702c0 100644
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -1275,7 +1275,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
   `firstname` VARCHAR(255) NOT NULL,
   `lastname` VARCHAR(255) NOT NULL,
   `middlename` VARCHAR(255) NOT NULL,
-  `password` VARCHAR(45) DEFAULT NULL,
+  `password` VARCHAR(60) DEFAULT NULL,
   `comments` VARCHAR(200) DEFAULT NULL,
   `last_connect` BIGINT NOT NULL DEFAULT 0,
   `registered` BIGINT NOT NULL DEFAULT 0,
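Review bot: The rewritten line in the first hunk still concatenates `$user` straight into the UPDATE statement and then passes the whole string to `sprintf()` as its format, so nothing escapes the user id and a `%` in it leaves the query malformed or rejected; since the line is being touched anyway, bind the id and the hash as parameters instead of concatenating them, as the second hunk's `db_process_sql_update()` path presumably already does. Both hunks also repeat the `password_hash()` call; computing `$password_hash = password_hash($password_new, PASSWORD_BCRYPT);` once above the `if` and using it in both branches keeps them in step if the algorithm is changed later. `update_user_password()` continues outside both hunks.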