diff --git a/frappe/utils/password.py b/frappe/utils/password.py
index ea47783da4..3784720777 100644
--- a/frappe/utils/password.py
+++ b/frappe/utils/password.py
@@ -21,7 +21,7 @@ class LegacyPassword(pbkdf2_sha256):
 		# it is possible that we will generate a false positive if the users password happens to be 40 hex chars proceeded
 		# by an * char, but this seems highly unlikely
 		if not (secret[0] == "*" and len(secret) == 41 and all(c in string.hexdigits for c in secret[1:])):
-			secret = mysql41.hash(secret + self.salt)
+			secret = mysql41.hash(secret + self.salt.decode('utf-8'))
 		return super(LegacyPassword, self)._calc_checksum(secret)