diff --git a/include/class.staff.php b/include/class.staff.php
index b573eaa6efcc7da49c0cc3a71b979a80cff9f40b..8e4ef95b0705433d2f1444d16c35564bc18d7bb3 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -203,15 +203,15 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
             throw new PasswordUpdateFailed(
                 __('Authentication backend does not support password updates'));
         }
-        if (!$bk->setPassword($this, $new, $current)) {
-            // Backend should throw PasswordUpdateFailed directly
-            return false;
-        }
+        // Backend should throw PasswordUpdateFailed directly
+        $rv = $bk->setPassword($this, $new, $current);
 
         // Successfully updated authentication tokens
         $this->change_passwd = 0;
         $this->cancelResetTokens();
         $this->passwdreset = SqlFunction::NOW();
+
+        return $rv;
     }
 
     function canAccess($something) {
@@ -865,8 +865,6 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
             elseif(!$vars['passwd1'] && !$vars['id']) {
                 $errors['passwd1']=__('Temporary password is required');
                 $errors['temppasswd']=__('Required');
-            } elseif($vars['passwd1'] && strlen($vars['passwd1'])<6) {
-                $errors['passwd1']=__('Password must be at least 6 characters');
             }
         }
 
@@ -915,8 +913,17 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
         $this->signature = Format::sanitize($vars['signature']);
         $this->notes = Format::sanitize($vars['notes']);
 
+        // Update the user's password if requested
         if ($vars['passwd1']) {
-            $this->passwd = Passwd::hash($vars['passwd1']);
+            try {
+                $this->setPassword($vars['passwd1'], null);
+            }
+            catch (BadPassword $ex) {
+                $errors['passwd1'] = $ex->getMessage();
+            }
+            catch (PasswordUpdateFailed $ex) {
+                // TODO: Add a warning banner or crash the update
+            }
             if (isset($vars['change_passwd']))
                 $this->change_passwd = 1;
         }
diff --git a/scp/profile.php b/scp/profile.php
index f68ce131e1f0bafa49e5ba32df37aa8394826650..0ceaf50651e6dc18d2693cc8e7149bd7c337f2d7 100644
--- a/scp/profile.php
+++ b/scp/profile.php
@@ -25,7 +25,7 @@ if($_POST && $_POST['id']!=$thisstaff->getId()) { //Check dummy ID used on the f
 
     if(!$staff)
         $errors['err']=sprintf(__('%s: Unknown or invalid'), __('agent'));
-    elseif($staff->updateProfile($_POST,$errors)){
+    elseif($thisstaff->updateProfile($_POST,$errors)){
         $msg=__('Profile updated successfully');
     }elseif(!$errors['err'])
         $errors['err']=__('Profile update error. Try correcting the errors below and try again!');