diff --git a/Userland/Libraries/LibCore/Account.cpp b/Userland/Libraries/LibCore/Account.cpp
index 7351a79782..d46bb80731 100644
--- a/Userland/Libraries/LibCore/Account.cpp
+++ b/Userland/Libraries/LibCore/Account.cpp
@@ -159,7 +159,7 @@ Result<Account, String> Account::from_uid(uid_t uid, Read options)
     return from_passwd(*pwd, *spwd);
 }
 
-bool Account::authenticate(const char* password) const
+bool Account::authenticate(SecretString const& password) const
 {
     // If there was no shadow entry for this account, authentication always fails.
     if (m_password_hash.is_null())
@@ -170,7 +170,7 @@ bool Account::authenticate(const char* password) const
         return true;
 
     // FIXME: Use crypt_r if it can be built in lagom.
-    char* hash = crypt(password, m_password_hash.characters());
+    char* hash = crypt(password.characters(), m_password_hash.characters());
     return hash != nullptr && strcmp(hash, m_password_hash.characters()) == 0;
 }
 
diff --git a/Userland/Libraries/LibCore/Account.h b/Userland/Libraries/LibCore/Account.h
index fc8443cee7..d0c3360575 100644
--- a/Userland/Libraries/LibCore/Account.h
+++ b/Userland/Libraries/LibCore/Account.h
@@ -10,6 +10,7 @@
 #include <AK/String.h>
 #include <AK/Types.h>
 #include <AK/Vector.h>
+#include <LibCore/SecretString.h>
 #include <pwd.h>
 #ifndef AK_OS_BSD_GENERIC
 #    include <shadow.h>
@@ -36,7 +37,7 @@ public:
     static Result<Account, String> from_name(const char* username, Read options = Read::All);
     static Result<Account, String> from_uid(uid_t uid, Read options = Read::All);
 
-    bool authenticate(const char* password) const;
+    bool authenticate(SecretString const& password) const;
     bool login() const;
 
     String username() const { return m_username; }
diff --git a/Userland/Utilities/passwd.cpp b/Userland/Utilities/passwd.cpp
index 70860db604..12032a0c89 100644
--- a/Userland/Utilities/passwd.cpp
+++ b/Userland/Utilities/passwd.cpp
@@ -90,7 +90,7 @@ int main(int argc, char** argv)
                 return 1;
             }
 
-            if (!target_account.authenticate(current_password.value().characters())) {
+            if (!target_account.authenticate(current_password.value())) {
                 warnln("Incorrect or disabled password.");
                 warnln("Password for user {} unchanged.", target_account.username());
                 return 1;
diff --git a/Userland/Utilities/pls.cpp b/Userland/Utilities/pls.cpp
index e617e7d8a0..5e88a4c633 100644
--- a/Userland/Utilities/pls.cpp
+++ b/Userland/Utilities/pls.cpp
@@ -55,7 +55,7 @@ int main(int argc, char** argv)
             }
 
             auto const& password = password_or_error.value();
-            if (!account.authenticate(password.characters())) {
+            if (!account.authenticate(password)) {
                 warnln("Incorrect or disabled password.");
                 return 1;
             }
diff --git a/Userland/Utilities/su.cpp b/Userland/Utilities/su.cpp
index c9290fd63c..d737f14129 100644
--- a/Userland/Utilities/su.cpp
+++ b/Userland/Utilities/su.cpp
@@ -58,7 +58,7 @@ int main(int argc, char** argv)
             return 1;
         }
 
-        if (!account.authenticate(password.value().characters())) {
+        if (!account.authenticate(password.value())) {
             warnln("Incorrect or disabled password.");
             return 1;
         }