diff --git a/auth_admin_passkey/models/res_users.py b/auth_admin_passkey/models/res_users.py
index d90330264..f6a73192b 100644
--- a/auth_admin_passkey/models/res_users.py
+++ b/auth_admin_passkey/models/res_users.py
@@ -72,7 +72,10 @@ def _check_credentials(self, password, env):
             )
             if password_encrypted and password:
                 # password stored on config is encrypted
-                password = hashlib.sha512(password.encode()).hexdigest()
+                if isinstance(password, str):
+                    password = hashlib.sha512(password.encode()).hexdigest()
+                else:
+                    raise ValueError("Password must be a string")
 
             if password and file_password == password:
                 if request and hasattr(request, "session"):