diff --git a/privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index e1e5dea9e..0bf3853a3 100644
--- a/privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -1722,7 +1722,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		}
 
 		PasswordCrypt userPasswordCrypt = user.getPasswordCrypt();
-		if (userPasswordCrypt.getPassword() == null)
+		if (userPasswordCrypt == null || userPasswordCrypt.getPassword() == null)
 			throw new InvalidCredentialsException(format("User {0} has no password and may not login!", username));
 
 		// we only work with hashed passwords
diff --git a/privilege/src/main/java/li/strolch/privilege/xml/PrivilegeUsersDomWriter.java b/privilege/src/main/java/li/strolch/privilege/xml/PrivilegeUsersDomWriter.java
index 7d056afaa..3621c5d58 100644
--- a/privilege/src/main/java/li/strolch/privilege/xml/PrivilegeUsersDomWriter.java
+++ b/privilege/src/main/java/li/strolch/privilege/xml/PrivilegeUsersDomWriter.java
@@ -149,6 +149,9 @@ public class PrivilegeUsersDomWriter {
 
 	private void writePassword(User user, Element userElement) {
 		PasswordCrypt passwordCrypt = user.getPasswordCrypt();
+		if (passwordCrypt == null)
+			return;
+
 		String passwordString = passwordCrypt.buildPasswordString();
 		if (passwordString != null) {
 			userElement.setAttribute(XML_ATTR_PASSWORD, passwordString);