diff --git a/package.json b/package.json
index 7fe87f60..fe75f7f4 100644
--- a/package.json
+++ b/package.json
@@ -82,7 +82,6 @@
 "babel-preset-react": "6.11.1",
 "babel-preset-react-hmre": "1.1.1",
 "babel-regenerator-runtime": "6.5.0",
- "bcrypt": "1.0.3",
 "boundless-arrow-key-navigation": "^1.0.4",
 "boundless-popover": "^1.0.4",
 "bugsnag": "^1.7.0",
@@ -108,11 +107,11 @@
 "imports-loader": "0.6.5",
 "invariant": "^2.2.2",
 "isomorphic-fetch": "2.2.1",
- "jszip": "3.1.5",
 "js-cookie": "^2.1.4",
 "js-search": "^1.4.2",
 "json-loader": "0.5.4",
 "jsonwebtoken": "7.0.1",
+ "jszip": "3.1.5",
 "koa": "^2.2.0",
 "koa-bodyparser": "4.2.0",
 "koa-compress": "2.0.0",
diff --git a/server/migrations/20180707231201-remove-passwords.js b/server/migrations/20180707231201-remove-passwords.js
new file mode 100644
index 00000000..0cd2cc84
--- /dev/null
+++ b/server/migrations/20180707231201-remove-passwords.js
@@ -0,0 +1,11 @@
+module.exports = {
+ up: async (queryInterface, Sequelize) => {
+ await queryInterface.removeColumn('users', 'passwordDigest');
+ },
+ down: async (queryInterface, Sequelize) => {
+ await queryInterface.addColumn('users', 'passwordDigest', {
+ type: Sequelize.STRING,
+ allowNull: true,
+ });
+ }
+}
\ No newline at end of file
diff --git a/server/models/User.js b/server/models/User.js
index ff3b1a6e..06303697 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -1,6 +1,5 @@
 // @flow
 import crypto from 'crypto';
-import bcrypt from 'bcrypt';
 import uuid from 'uuid';
 import JWT from 'jsonwebtoken';
 import subMinutes from 'date-fns/sub_minutes';
@@ -8,8 +7,6 @@ import { DataTypes, sequelize, encryptedFields } from '../sequelize';
 import { publicS3Endpoint, uploadToS3FromUrl } from '../utils/s3';
 import { sendEmail } from '../mailer';
-const BCRYPT_COST = process.env.NODE_ENV === 'production' ? 12 : 4;
-
 const User = sequelize.define(
 'user',
 {
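Review bot: In server/migrations/20180707231201-remove-passwords.js, `down` only recreates an empty `passwordDigest` column, so a rollback restores no digests and the migration is effectively one-way; say so in a comment above `up`, e.g. `// Irreversible: down() re-adds the column, but the dropped digests cannot be recovered.` The model in server/models/User.js keeps `service` as `allowNull: true`, so if any rows have no service identity (not visible here), those accounts presumably lose their only sign-in path once this runs; counting such rows before the column is dropped would be a worthwhile pre-check. The dropped digests also remain in any existing database backups, so this change alone does not retire that credential material. `Sequelize` is unused in `up`, and the file has no trailing newline.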
@@ -22,8 +19,6 @@ const User = sequelize.define(
 username: { type: DataTypes.STRING },
 name: DataTypes.STRING,
 avatarUrl: { type: DataTypes.STRING, allowNull: true },
- password: DataTypes.VIRTUAL,
- passwordDigest: DataTypes.STRING,
 isAdmin: DataTypes.BOOLEAN,
 service: { type: DataTypes.STRING, allowNull: true },
 serviceId: { type: DataTypes.STRING, allowNull: true, unique: true },
@@ -80,24 +75,6 @@ User.prototype.getJwtToken = function() {
 return JWT.sign({ id: this.id }, this.jwtSecret);
 };
-User.prototype.verifyPassword = function(password) {
- return new Promise((resolve, reject) => {
- if (!this.passwordDigest) {
- resolve(false);
- return;
- }
-
- bcrypt.compare(password, this.passwordDigest, (err, ok) => {
- if (err) {
- reject(err);
- return;
- }
-
- resolve(ok);
- });
- });
-};
-
 const uploadAvatar = async model => {
 const endpoint = publicS3Endpoint();
@@ -114,26 +91,6 @@ const setRandomJwtSecret = model => {
 model.jwtSecret = crypto.randomBytes(64).toString('hex');
 };
-const hashPassword = model => {
- if (!model.password) {
- return null;
- }
-
- return new Promise((resolve, reject) => {
- bcrypt.hash(model.password, BCRYPT_COST, (err, digest) => {
- if (err) {
- reject(err);
- return;
- }
-
- model.passwordDigest = digest;
- resolve();
- });
- });
-};
-
-User.beforeCreate(hashPassword);
-User.beforeUpdate(hashPassword);
 User.beforeSave(uploadAvatar);
 User.beforeCreate(setRandomJwtSecret);
 User.afterCreate(user => sendEmail('welcome', user.email));
diff --git a/server/models/User.test.js b/server/models/User.test.js
index 9bdc13b6..cce0a743 100644
--- a/server/models/User.test.js
+++ b/server/models/User.test.js
@@ -4,11 +4,7 @@ import { buildUser } from '../test/factories';
 beforeEach(flushdb);
-it('should set JWT secret and password digest', async () => {
- const user = await buildUser({ password: 'test123!' });
- expect(user.passwordDigest).toBeTruthy();
+it('should set JWT secret', async () => {
+ const user = await buildUser();
 expect(user.getJwtToken()).toBeTruthy();
-
- expect(await user.verifyPassword('test123!')).toBe(true);
- expect(await user.verifyPassword('badPasswd')).toBe(false);
 });
diff --git a/server/test/factories.js b/server/test/factories.js
index 7cdcee64..65b8b828 100644
--- a/server/test/factories.js
+++ b/server/test/factories.js
@@ -39,7 +39,6 @@ export async function buildUser(overrides: Object = {}) {
 email: `user${count}@example.com`,
 username: `user${count}`,
 name: `User ${count}`,
- password: 'test123!',
 service: 'slack',
 serviceId: uuid.v4(),
 createdAt: new Date('2018-01-01T00:00:00.000Z'),
diff --git a/server/test/support.js b/server/test/support.js
index 2f57376d..4f6b08fa 100644
--- a/server/test/support.js
+++ b/server/test/support.js
@@ -28,7 +28,6 @@ const seed = async () => {
 email: 'user1@example.com',
 username: 'user1',
 name: 'User 1',
- password: 'test123!',
 teamId: team.id,
 service: 'slack',
 serviceId: 'U2399UF2P',
@@ -44,7 +43,6 @@ const seed = async () => {
 email: 'admin@example.com',
 username: 'admin',
 name: 'Admin User',
- password: 'test123!',
 teamId: team.id,
 isAdmin: true,
 service: 'slack',
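Review bot: In server/models/User.test.js the renamed test 'should set JWT secret' never inspects the secret; it only checks that `getJwtToken()` returns something truthy. Adding `expect(user.jwtSecret).toBeTruthy();` would pin what the `setRandomJwtSecret` hook in server/models/User.js is meant to do, and `expect(user.passwordDigest).toBeUndefined();` would catch the field being reintroduced. Whether `JWT.sign` already throws on a missing secret in the pinned jsonwebtoken version is not visible here, so the explicit assertion is the safer check.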