diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -122,6 +122,11 @@ class KallitheaCrypto(object):
         :param hashed: password in hashed form
         """
+        try:
+            password = str(password)
+        except UnicodeEncodeError:
+            log.warning('rejecting non-ascii password')
+            return False
         if is_windows:
             return hashlib.sha256(password).hexdigest() == hashed
         elif is_unix:
diff --git a/kallithea/tests/functional/test_login.py b/kallithea/tests/functional/test_login.py
--- a/kallithea/tests/functional/test_login.py
+++ b/kallithea/tests/functional/test_login.py
@@ -133,6 +133,13 @@ class TestLoginController(TestController
         response.mustcontain('Invalid username or password')
 
+    def test_login_non_ascii(self):
+        response = self.app.post(url(controller='login', action='index'),
+                                 {'username': TEST_USER_REGULAR_LOGIN,
+                                  'password': 'blåbærgrød'})
+
+        response.mustcontain('>Invalid username or password<')
+
     # verify that get arguments are correctly passed along login redirection
     @parameterized.expand([
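Review bot: The new guard at the top of the auth.py hunk rejects non-ASCII passwords by relying on `str()`'s implicit default codec rather than an explicit one, so the policy depends on `sys.getdefaultencoding()` (which site-level code can change on Python 2) and, should this ever run under Python 3, `str()` on a bytes value would yield a `"b'...'"` repr instead of raising. Making the conversion explicit, e.g. `if isinstance(password, unicode): password = password.encode('ascii')` inside the same try/except, keeps the rejection deterministic regardless of interpreter configuration. A one-line comment stating why non-ASCII input is refused — presumably so the bytes compared here match the bytes the stored hash was created from — would help the next maintainer, since nothing in the hunk shows whether the hashing path enforces the same rule. The enclosing method's signature and the remainder of its body lie outside the hunk.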