diff --git a/application/models/Employee.php b/application/models/Employee.php index defb30e8d..9b720cd80 100644 --- a/application/models/Employee.php +++ b/application/models/Employee.php @@ -298,14 +298,29 @@ class Employee extends Person */ public function login($username, $password) { - $query = $this->db->get_where('employees', array('username' => $username, 'password' => md5($password), 'deleted' => 0), 1); + + $query = $this->db->get_where('employees', array('username' => $username, 'deleted' => 0), 1); if($query->num_rows() == 1) { $row = $query->row(); - $this->session->set_userdata('person_id', $row->person_id); - return TRUE; + // compare passwords depending on the hash version + if ($row->hash_version == 1 && $row->password == md5($password)) + { + $this->db->where('person_id', $row->person_id); + $this->session->set_userdata('person_id', $row->person_id); + $password_hash = password_hash($password, PASSWORD_DEFAULT); + + return $this->db->update('employees', array('hash_version' => 2, 'password' => $password_hash)); + } + else if ($row->hash_version == 2 && password_verify($password, $row->password)) + { + $this->session->set_userdata('person_id', $row->person_id); + + return TRUE; + } + } return FALSE; diff --git a/database/2.4_to_3.0.sql b/database/2.4_to_3.0.sql index 364402a89..d2d57927e 100644 --- a/database/2.4_to_3.0.sql +++ b/database/2.4_to_3.0.sql @@ -63,7 +63,6 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES DELETE FROM `ospos_app_config` WHERE `key` = 'use_invoice_template'; - -- add messages (SMS) module and permissions UPDATE `ospos_modules` SET `sort` = 110 WHERE `name_lang_key` = 'module_config'; 
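Review bot: The legacy branch checks the stored hash with `$row->password == md5($password)`; loose `==` lets PHP compare two hex strings as numbers when both look numeric (exponent-style `0e…` digests), and it is not constant-time, so it should be `hash_equals($row->password, md5($password))`. In the same branch `set_userdata('person_id', …)` runs before `$this->db->update(...)` and the method returns the update result, so a failed rehash leaves the session authenticated while `login()` reports FALSE. Set the session only once the outcome is decided, or return TRUE independently of the upgrade. The `hash_version == 2` branch could also call `password_needs_rehash()` so later cost or algorithm changes are picked up. `login()` closes outside this hunk, so session-ID regeneration after a successful login cannot be checked from here.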
@@ -89,4 +88,9 @@ CREATE TABLE `ospos_sessions` (
 `data` blob NOT NULL,
 KEY `ci_sessions_timestamp` (`timestamp`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
\ No newline at end of file
+
+-- upgrade employees table
+ALTER TABLE `ospos_employees`
+ ADD COLUMN `hash_version` int(1) NOT NULL DEFAULT '2';
+
+UPDATE `ospos_employees` SET `hash_version` = 1;
\ No newline at end of file
diff --git a/database/tables.sql b/database/tables.sql
index 38ee557bf..2335b5a25 100644
--- a/database/tables.sql
+++ b/database/tables.sql
@@ -115,6 +115,7 @@ CREATE TABLE `ospos_employees` (
 `password` varchar(255) NOT NULL,
 `person_id` int(10) NOT NULL,
 `deleted` int(1) NOT NULL DEFAULT '0',
+ `hash_version` int(1) NOT NULL DEFAULT '2'
 UNIQUE KEY `username` (`username`),
 KEY `person_id` (`person_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
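Review bot: Setting every existing row to `hash_version = 1` leaves the unsalted MD5 value in `password` until that employee next logs in, so dormant or rarely used accounts keep a weak hash indefinitely. A comment above the `UPDATE` should say so, e.g. `-- existing MD5 hashes are upgraded lazily at next login; rows still at hash_version 1 need a forced reset`, and a follow-up that expires or resets version-1 rows would close the gap. The migration also leaves the width of `password` untouched. `tables.sql` declares `varchar(255)`, but if older installs carry a narrower column (not visible here) the `password_hash()` output would be truncated on upgrade, so that is worth confirming.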
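Review bot: The added `hash_version` column definition in the `ospos_employees` hunk has no trailing comma, so it runs straight into the `UNIQUE KEY` line below it. As shown, MySQL would read `UNIQUE KEY` as an attribute of `hash_version` and then fail on the following `username` index clause, which breaks the CREATE TABLE on fresh installs. End the line with a comma: `DEFAULT '2',`. Since the column is `int(1)`, an unquoted `DEFAULT 2` would also read more naturally, though the neighbouring `deleted` column uses the quoted form too.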