diff --git a/Backend/Areas/Admin/Controllers/HomeController.cs b/Backend/Areas/Admin/Controllers/HomeController.cs index 67e97f0..b93f16f 100644 --- a/Backend/Areas/Admin/Controllers/HomeController.cs +++ b/Backend/Areas/Admin/Controllers/HomeController.cs @@ -171,21 +171,22 @@ public ActionResult UpdateInfo(ProfileViewModel acc) data = errors }, JsonRequestBehavior.AllowGet); } - - + + public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewModel) { var errors = new Dictionary(); - var user = (Accounts) Session["user"]; + var user = (Accounts)Session["user"]; var userUpdate = accounts.Get(user.AccountId); + foreach (var k in ModelState.Keys) - foreach (var err in ModelState[k].Errors) - { - var key = Regex.Replace(k, @"(\w+)\.(\w+)", @"$2"); - if (!errors.ContainsKey(key)) - errors.Add(key, err.ErrorMessage); - } - + foreach (var err in ModelState[k].Errors) + { + var key = Regex.Replace(k, @"(\w+)\.(\w+)", @"$2"); + if (!errors.ContainsKey(key)) + errors.Add(key, err.ErrorMessage); + } + if (!ModelState.IsValid) return Json(new { @@ -194,7 +195,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod message = "Error", }, JsonRequestBehavior.AllowGet); - if (!changePasswordViewModel.OldPassword.Equals(userUpdate.Password)) + if (!Utils.ValidatePassword(changePasswordViewModel.OldPassword, userUpdate.Password)) { errors.Add("OldPassword", "Your password is not correct!"); return Json(new @@ -204,7 +205,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod message = "Error", }, JsonRequestBehavior.AllowGet); } - + if (!changePasswordViewModel.NewPassword.Equals(changePasswordViewModel.ConfirmPassword)) { errors.Add("ConfirmPassword", "Your confirm is not the same as your new password!"); 
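Review bot: Accounts whose stored `Password` predates this commit will presumably fail the new `Utils.ValidatePassword(changePasswordViewModel.OldPassword, userUpdate.Password)` check in the `@@ -194` hunk, because the removed line compared the value verbatim with `Equals`, which implies existing rows are not in hashed form. `Utils.ValidatePassword` is not shown in this diff, so how it treats a non-hash input is inferred rather than confirmed. I would pair the change with a one-time migration or a forced reset and record the assumption above the check, e.g. `// userUpdate.Password must be a Utils.HashPassword value; legacy rows are handled by <migration step>`. The same applies to the `@@ -436` hunk in Backend/Controllers/HomeController.cs. ChangePassword starts in the earlier hunk and continues past this one.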
@@ -216,7 +217,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod }, JsonRequestBehavior.AllowGet); } - userUpdate.Password = changePasswordViewModel.NewPassword; + userUpdate.Password = Utils.HashPassword(changePasswordViewModel.NewPassword); if (!accounts.Edit(userUpdate)) { return Json(new @@ -226,7 +227,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod message = "Error", }, JsonRequestBehavior.AllowGet); } - + return Json(new { statusCode = 200, diff --git a/Backend/Controllers/HomeController.cs b/Backend/Controllers/HomeController.cs index 84185fc..efeaae5 100644 --- a/Backend/Controllers/HomeController.cs +++ b/Backend/Controllers/HomeController.cs @@ -420,6 +420,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod var errors = new Dictionary(); var user = (Accounts) Session["user"]; var userUpdate = accounts.Get(user.AccountId); + foreach (var k in ModelState.Keys) foreach (var err in ModelState[k].Errors) { @@ -436,7 +437,7 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod message = "Error", }, JsonRequestBehavior.AllowGet); - if (!changePasswordViewModel.OldPassword.Equals(userUpdate.Password)) + if (!Utils.ValidatePassword(changePasswordViewModel.OldPassword, userUpdate.Password)) { errors.Add("OldPassword", "Your password is not correct!"); return Json(new @@ -457,8 +458,8 @@ public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewMod message = "Error", }, JsonRequestBehavior.AllowGet); } - - userUpdate.Password = changePasswordViewModel.NewPassword; + + userUpdate.Password = Utils.HashPassword(changePasswordViewModel.NewPassword); if (!accounts.Edit(userUpdate)) { return Json(new diff --git a/Backend/Web.config b/Backend/Web.config index 29ccaf4..18ff9c5 100644 --- a/Backend/Web.config +++ b/Backend/Web.config @@ -63,8 +63,8 @@ - - + +
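Review bot: The action that now stores `Utils.HashPassword(changePasswordViewModel.NewPassword)` has no visible verb restriction: the first hunk shows the `ChangePassword` signature with no attribute directly above it, and the responses visible in these hunks pass `JsonRequestBehavior.AllowGet`. Unless a filter is applied at controller or global level (not visible in this diff), the old and new passwords can be bound from a query string and end up in server and proxy logs, and the state change is not covered by an anti-forgery token. I would add `[HttpPost]` and `[ValidateAntiForgeryToken]` above the signature and drop `JsonRequestBehavior.AllowGet` from these returns. The `@@ -457` hunk in Backend/Controllers/HomeController.cs has the same shape, though any attributes on its signature are outside the hunk. The method body starts and ends outside this hunk.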