diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index ffc5e8205b..5406202306 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -51,6 +51,7 @@ const {
 generateRecoveryCodes,
 } = require("../utils/PasswordRecovery");
 const { SlashCommandPresets } = require("../models/slashCommandsPresets");
+const { EncryptionManager } = require("../utils/EncryptionManager");
 
 function systemEndpoints(app) {
 if (!app) return;
@@ -236,7 +237,7 @@ function systemEndpoints(app) {
 });
 response.status(200).json({
 valid: true,
- token: makeJWT({ p: password }, "30d"),
+ token: makeJWT({ p: new EncryptionManager().encrypt(password) }, "30d"),
 message: null,
 });
 }
diff --git a/server/utils/middleware/validatedRequest.js b/server/utils/middleware/validatedRequest.js
index 551090a07a..199645f180 100644
--- a/server/utils/middleware/validatedRequest.js
+++ b/server/utils/middleware/validatedRequest.js
@@ -1,6 +1,8 @@
 const { SystemSettings } = require("../../models/systemSettings");
 const { User } = require("../../models/user");
+const { EncryptionManager } = require("../EncryptionManager");
 const { decodeJWT } = require("../http");
+const EncryptionMgr = new EncryptionManager();
 
 async function validatedRequest(request, response, next) {
 const multiUserMode = await SystemSettings.isMultiUserMode();
@@ -10,14 +12,14 @@ async function validatedRequest(request, response, next) {
 
 // When in development passthrough auth token for ease of development.
 // Or if the user simply did not set an Auth token or JWT Secret
- if (
- process.env.NODE_ENV === "development" ||
- !process.env.AUTH_TOKEN ||
- !process.env.JWT_SECRET
- ) {
- next();
- return;
- }
+ // if (
+ // process.env.NODE_ENV === "development" ||
+ // !process.env.AUTH_TOKEN ||
+ // !process.env.JWT_SECRET
+ // ) {
+ // next();
+ // return;
+ // }
 
 if (!process.env.AUTH_TOKEN) {
 response.status(401).json({
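Review bot: `new EncryptionManager().encrypt(password)` on the changed token line constructs a fresh manager on every login, while the middleware that must decrypt this value (validatedRequest.js in the same commit) holds a single module-level instance; unless the constructor is known to be cheap and deterministic about the key it loads, hoist it the same way, `const encryptionManager = new EncryptionManager();` next to the new require, so the issuing and verifying sides are guaranteed to share key material. The payload is still a reversible secret inside a 30-day bearer token: anyone holding the token plus the manager's key recovers the plaintext password, so if the only purpose of `p` is to let the middleware confirm the token was minted for the current AUTH_TOKEN, a non-reversible binding (for example an HMAC of AUTH_TOKEN under JWT_SECRET) would do that without carrying the password at all — a design question rather than a blocker. The enclosing handler starts before this hunk.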
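Review bot: The development/unconfigured-env bypass is only commented out rather than deleted, and the two comment lines above it (`// When in development passthrough auth token…`, `// Or if the user simply did not set…`) now describe behaviour that no longer exists; remove the eight `// if (` … `// }` lines and replace the stale comment with `// No development or unconfigured-env passthrough: every request must present a valid token.` Dropping the passthrough closes a genuine bypass, since an unset AUTH_TOKEN or JWT_SECRET used to skip authentication entirely, and that intent is better recorded in the commit than left as dead code. The check that remains only covers a missing AUTH_TOKEN; if `decodeJWT` further down verifies with `process.env.JWT_SECRET`, a missing JWT_SECRET presumably should also produce a 401 here rather than surface later (not visible in this hunk — confirm). validatedRequest starts before and ends after this hunk.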
@@ -39,14 +41,14 @@ async function validatedRequest(request, response, next) {
 
 const bcrypt = require("bcrypt");
 const { p } = decodeJWT(token);
- if (p === null) {
+ if (p === null || !/\w{32}:\w{32}/.test(p)) {
 response.status(401).json({
 error: "Token expired or failed validation.",
 });
 return;
 }
 
- if (!bcrypt.compareSync(p, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
+ if (!bcrypt.compareSync(EncryptionMgr.decrypt(p), bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
 response.status(401).json({
 error: "Invalid auth credentials.",
 });
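Review bot: `EncryptionMgr.decrypt(p)` on the new compareSync line runs outside any try/catch, so a payload that passes the shape check but was encrypted under a different key (after a key change) or is otherwise malformed will most likely throw instead of yielding a 401, and in this async middleware that becomes an unhandled rejection with no response rather than a rejected request — decrypt into a local under try/catch first and treat failure as an invalid token. The shape check `/\w{32}:\w{32}/` is unanchored and `\w` admits `_`; if `encrypt` emits `<iv-hex>:<ciphertext-hex>`, `^[0-9a-f]{32}:[0-9a-f]+$` would be tighter (the ciphertext half grows with the password, so `\w{32}` is probably not its full length — confirm against EncryptionManager). `bcrypt.hashSync(process.env.AUTH_TOKEN, 10)` is also recomputed on every request, which predates this change but remains a cheap amplification target for an unauthenticated caller. validatedRequest starts before and ends after this hunk.
```javascript
  const { p } = decodeJWT(token);
  // … unchanged: shape check and 401 on null / malformed p …

  // Decrypt failures (wrong key, tampered or truncated ciphertext) are an
  // invalid token, not a server error.
  let presented;
  try {
    presented = EncryptionMgr.decrypt(p);
  } catch (err) {
    response.status(401).json({
      error: "Token expired or failed validation.",
    });
    return;
  }

  if (!bcrypt.compareSync(presented, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
```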