diff --git a/frappe/model/base_document.py b/frappe/model/base_document.py
index de0c1e0e1c..b04af7bc7d 100644
--- a/frappe/model/base_document.py
+++ b/frappe/model/base_document.py
@@ -792,7 +792,7 @@ class BaseDocument(object):
 
 	def _save_passwords(self):
 		"""Save password field values in __Auth table"""
-		from frappe.utils.password import set_encrypted_password
+		from frappe.utils.password import set_encrypted_password, remove_encrypted_password
 
 		if self.flags.ignore_save_passwords is True:
 			return
@@ -800,6 +800,10 @@ class BaseDocument(object):
 		for df in self.meta.get('fields', {'fieldtype': ('=', 'Password')}):
 			if self.flags.ignore_save_passwords and df.fieldname in self.flags.ignore_save_passwords: continue
 			new_password = self.get(df.fieldname)
+
+			if not new_password:
+				remove_encrypted_password(self.doctype, self.name, df.fieldname)
+
 			if new_password and not self.is_dummy_password(new_password):
 				# is not a dummy password like '*****'
 				set_encrypted_password(self.doctype, self.name, new_password, df.fieldname)
diff --git a/frappe/utils/password.py b/frappe/utils/password.py
index 19a538f703..f9197abb2b 100644
--- a/frappe/utils/password.py
+++ b/frappe/utils/password.py
@@ -65,6 +65,13 @@ def set_encrypted_password(doctype, name, pwd, fieldname='password'):
 		raise e
 
 
+def remove_encrypted_password(doctype, name, fieldname='password'):
+	frappe.db.sql(
+		'DELETE FROM `__Auth` WHERE doctype = %s and name = %s and fieldname = %s',
+		values=[doctype, name, fieldname]
+	)
+
+
 def check_password(user, pwd, doctype='User', fieldname='password'):
 	'''Checks if user and password are correct, else raises frappe.AuthenticationError'''