diff --git a/internal/bridge/smtp_backend.go b/internal/bridge/smtp_backend.go
index 79ccbb67..1fc99a4d 100644
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@@ -24,7 +24,7 @@ func (backend *smtpBackend) Login(state *smtp.ConnectionState, username, passwor
 	defer backend.usersLock.RUnlock()
 
 	for _, user := range backend.users {
-		if slices.Contains(user.Emails(), username) && subtle.ConstantTimeCompare(user.BridgePass(), []byte(password)) != 1 {
+		if slices.Contains(user.Emails(), username) && subtle.ConstantTimeCompare(user.BridgePass(), []byte(password)) == 1 {
 			return user.NewSMTPSession(username), nil
 		}
 	}
diff --git a/internal/vault/user_test.go b/internal/vault/user_test.go
index a1617ba1..852ad915 100644
--- a/internal/vault/user_test.go
+++ b/internal/vault/user_test.go
@@ -1,6 +1,7 @@
 package vault_test
 
 import (
+	"encoding/hex"
 	"testing"
 
 	"github.com/ProtonMail/gluon/imap"
@@ -52,7 +53,7 @@ func TestUser(t *testing.T) {
 	// Get auth information for user 1.
 	require.Equal(t, "userID1", user1.UserID())
 	require.Equal(t, "user1", user1.Username())
-	require.Equal(t, []byte("token"), user1.BridgePass())
+	require.Equal(t, hex.EncodeToString([]byte("token")), string(user1.BridgePass()))
 	require.Equal(t, vault.CombinedMode, user1.AddressMode())
 	require.Equal(t, "authUID1", user1.AuthUID())
 	require.Equal(t, "authRef1", user1.AuthRef())
@@ -72,7 +73,7 @@ func TestUser(t *testing.T) {
 	// Get auth information for user 2.
 	require.Equal(t, "userID2", user2.UserID())
 	require.Equal(t, "user2", user2.Username())
-	require.Equal(t, []byte("token"), user2.BridgePass())
+	require.Equal(t, hex.EncodeToString([]byte("token")), string(user2.BridgePass()))
 	require.Equal(t, vault.CombinedMode, user2.AddressMode())
 	require.Equal(t, "authUID2", user2.AuthUID())
 	require.Equal(t, "authRef2", user2.AuthRef())
diff --git a/tests/ctx_test.go b/tests/ctx_test.go
index 06ed6a39..67b19d65 100644
--- a/tests/ctx_test.go
+++ b/tests/ctx_test.go
@@ -49,7 +49,7 @@ type testCtx struct {
 	userIDByName       map[string]string
 	userAddrByEmail    map[string]map[string]string
 	userPassByID       map[string]string
-	userBridgePassByID map[string]string
+	userBridgePassByID map[string][]byte
 
 	// These are the IMAP and SMTP clients used to connect to bridge.
 	imapClients map[string]*imapClient
@@ -89,7 +89,7 @@ func newTestCtx(tb testing.TB) *testCtx {
 		userIDByName:       make(map[string]string),
 		userAddrByEmail:    make(map[string]map[string]string),
 		userPassByID:       make(map[string]string),
-		userBridgePassByID: make(map[string]string),
+		userBridgePassByID: make(map[string][]byte),
 
 		imapClients: make(map[string]*imapClient),
 		smtpClients: make(map[string]*smtpClient),
@@ -148,10 +148,10 @@ func (t *testCtx) setUserPass(userID, pass string) {
 }
 
 func (t *testCtx) getUserBridgePass(userID string) string {
-	return t.userBridgePassByID[userID]
+	return string(t.userBridgePassByID[userID])
 }
 
-func (t *testCtx) setUserBridgePass(userID, pass string) {
+func (t *testCtx) setUserBridgePass(userID string, pass []byte) {
 	t.userBridgePassByID[userID] = pass
 }
 
diff --git a/tests/user_test.go b/tests/user_test.go
index 044d659d..659b7115 100644
--- a/tests/user_test.go
+++ b/tests/user_test.go
@@ -162,7 +162,7 @@ func (s *scenario) theAddressOfAccountHasMessagesInMailbox(address, username str
 }
 
 func (s *scenario) userLogsInWithUsernameAndPassword(username, password string) error {
-	userID, err := s.t.bridge.LoginUser(context.Background(), username, password, nil, nil)
+	userID, err := s.t.bridge.LoginUser(context.Background(), username, []byte(password), nil, nil)
 	if err != nil {
 		s.t.pushError(err)
 	} else {