diff --git a/core/Api/Request.class.php b/core/Api/Request.class.php
index 05cb79b..41bd17d 100644
--- a/core/Api/Request.class.php
+++ b/core/Api/Request.class.php
@@ -118,7 +118,8 @@ class Request {
       return false;
     }
 
-    if($this->loginRequired || !empty($this->requiredGroup)) {
+    // TODO: Check this!
+    if($this->externalCall && ($this->loginRequired || !empty($this->requiredGroup))) {
       $apiKeyAuthorized = false;
       if(isset($values['api_key']) && $this->apiKeyAllowed) {
         $apiKey = $values['api_key'];
diff --git a/core/Api/UserAPI.class.php b/core/Api/UserAPI.class.php
index d9ec54b..4da2dfe 100644
--- a/core/Api/UserAPI.class.php
+++ b/core/Api/UserAPI.class.php
@@ -44,10 +44,9 @@ namespace Api {
 
     protected function insertUser($username, $email, $password) {
       $sql = $this->user->getSQL();
-      $salt = generateRandomString(16);
-      $hash = $this->hashPassword($password, $salt);
-      $res = $sql->insert("User", array("name", "password", "salt", "email"))
-        ->addRow($username, $hash, $salt, $email)
+      $hash = $this->hashPassword($password);
+      $res = $sql->insert("User", array("name", "password", "email"))
+        ->addRow($username, $hash, $email)
         ->returning("uid")
         ->execute();
 
@@ -61,9 +60,8 @@ namespace Api {
       return $this->success;
     }
 
-    // TODO: replace this with crypt() in the future
-    protected function hashPassword($password, $salt) {
-      return hash('sha256', $password . $salt);
+    protected function hashPassword($password) {
+      return password_hash($password, PASSWORD_BCRYPT);
     }
 
     protected function checkToken($token) {
@@ -135,17 +133,27 @@ namespace Api\User {
 
       $username = $this->getParam('username');
       $email = $this->getParam('email');
+      $password = $this->getParam('password');
+      $confirmPassword = $this->getParam('confirmPassword');
+
+      if(strlen($username) < 5 || strlen($username) > 32) {
+        return $this->createError("The username should be between 5 and 32 characters long");
+      } else if(strcmp($password, $confirmPassword) !== 0) {
+        return $this->createError("The given passwords do not match");
+      } else if(strlen($password) < 6) {
+        return $this->createError("The password should be at least 6 characters long");
+      }
+
       if (!$this->userExists($username, $email)) {
         return false;
       }
 
-      $password = $this->getParam('password');
-      $confirmPassword = $this->getParam('confirmPassword');
-      if ($password !== $confirmPassword) {
-        return $this->createError("The given passwords do not match.");
+      $id = $this->insertUser($username, $email, $password);
+      if ($this->success) {
+        $this->result["userId"] = $id;
       }
 
-      return $this->insertUser($username, $email, $password) !== FALSE;
+      return $this->success;
     }
   }
 
@@ -405,7 +413,7 @@ If the invitation was not intended, you can simply ignore this email.<br><br><a
       $stayLoggedIn = $this->getParam('stayLoggedIn');
 
       $sql = $this->user->getSQL();
-      $res = $sql->select("User.uid", "User.password", "User.salt")
+      $res = $sql->select("User.uid", "User.password")
         ->from("User")
         ->where(new Compare("User.name", $username))
         ->execute();
@@ -418,10 +426,8 @@ If the invitation was not intended, you can simply ignore this email.<br><br><a
           return $this->wrongCredentials();
         } else {
           $row = $res[0];
-          $salt = $row['salt'];
           $uid = $row['uid'];
-          $hash = $this->hashPassword($password, $salt);
-          if ($hash === $row['password']) {
+          if (password_verify($password, $row['password'])) {
             if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
               return $this->createError("Error creating Session: " . $sql->getLastError());
             } else {
@@ -620,7 +626,7 @@ If the registration was not intended, you can simply ignore this email.<br><br><
 
         if ($usernameChanged) $query->set("name", $username);
         if ($emailChanged) $query->set("email", $email);
-        if (!is_null($password)) $query->set("password", $this->hashPassword($password, $user[0]["salt"]));
+        if (!is_null($password)) $query->set("password", $this->hashPassword($password));
 
         $query->where(new Compare("User.uid", $id));
         $res = $query->execute();
diff --git a/core/Configuration/CreateDatabase.class.php b/core/Configuration/CreateDatabase.class.php
index c889e81..f64b4cf 100755
--- a/core/Configuration/CreateDatabase.class.php
+++ b/core/Configuration/CreateDatabase.class.php
@@ -28,8 +28,7 @@ class CreateDatabase {
       ->addSerial("uid")
       ->addString("email", 64, true)
       ->addString("name", 32)
-      ->addString("salt", 16)
-      ->addString("password", 64)
+      ->addString("password", 128)
       ->addInt("language_id", true, 1)
       ->addDateTime("registered_at", false, $sql->currentTimestamp())
       ->primaryKey("uid")
diff --git a/core/Documents/Install.class.php b/core/Documents/Install.class.php
index 2a5e5bc..5d43785 100644
--- a/core/Documents/Install.class.php
+++ b/core/Documents/Install.class.php
@@ -313,32 +313,23 @@ namespace Documents\Install {
       if(!$success) {
         $msg = "Please fill out the following inputs:<br>" .
           $this->createUnorderedList($missingInputs);
-      } else if(strlen($username) < 5 || strlen($username) > 32) {
-        $msg = "The username should be between 5 and 32 characters long";
-        $success = false;
-      } else if(strcmp($password, $confirmPassword) !== 0) {
-        $msg = "The given passwords do not match";
-        $success = false;
-      } else if(strlen($password) < 6) {
-        $msg = "The password should be at least 6 characters long";
-        $success = false;
-      } else if($email && Parameter::parseType($email) !== Parameter::TYPE_EMAIL) {
-        $msg = "Invalid email address";
-        $success = false;
       } else {
-        $salt = generateRandomString(16);
-        $hash = hash('sha256', $password . $salt);
         $sql = $user->getSQL();
+        $req = new \Api\User\Create($user);
+        $success = $req->execute(array(
+          'username' => $username,
+          'email' => $email,
+          'password' => $password,
+          'confirmPassword' => $confirmPassword,
+        ));
 
-        $success = $sql->insert("User", array("name", "salt", "password", "email"))
-          ->addRow($username, $salt, $hash, $email)
-          ->returning("uid")
-          ->execute()
-          && $sql->insert("UserGroup", array("group_id", "user_id"))
-          ->addRow(USER_GROUP_ADMIN, $sql->getLastInsertId())
-          ->execute();
-
-        $msg = $sql->getLastError();
+        $msg = $req->getLastError();
+        if ($success) {
+          $success = $sql->insert("UserGroup", array("group_id", "user_id"))
+            ->addRow(USER_GROUP_ADMIN, $req->getResult()["userId"])
+            ->execute();
+          $msg = $sql->getLastError();
+        }
       }
 
       return array("msg" => $msg, "success" => $success);