diff --git a/api/validation.go b/api/validation.go
index 9d6d6aeb2..d273c8ace 100644
--- a/api/validation.go
+++ b/api/validation.go
@@ -1,6 +1,9 @@
 package api
 
 import (
+	"encoding/hex"
+	"strings"
+
 	"github.com/astaxie/beego"
 	"github.com/deluan/gosonic/api/responses"
 )
@@ -31,7 +34,13 @@ func checkParameters(c ControllerInterface) {
 
 func authenticate(c ControllerInterface) {
 	user := c.GetString("u")
-	pass := c.GetString("p") // TODO Handle hex-encoded password
+	pass := c.GetString("p")
+	if strings.HasPrefix(pass, "enc:") {
+		e := strings.TrimPrefix(pass, "enc:")
+		if dec, err := hex.DecodeString(e); err == nil {
+			pass = string(dec)
+		}
+	}
 	if user != beego.AppConfig.String("user") || pass != beego.AppConfig.String("password") {
 		abortRequest(c, responses.ERROR_AUTHENTICATION_FAIL)
 	}
diff --git a/api/validation_test.go b/api/validation_test.go
index 92e304e6a..3bb3e3612 100644
--- a/api/validation_test.go
+++ b/api/validation_test.go
@@ -2,10 +2,11 @@ package api_test
 
 import (
 	"encoding/xml"
+	"testing"
+
 	"github.com/deluan/gosonic/api/responses"
 	"github.com/deluan/gosonic/tests"
 	. "github.com/smartystreets/goconvey/convey"
-	"testing"
 )
 
 func TestCheckParams(t *testing.T) {
@@ -29,9 +30,10 @@ func TestCheckParams(t *testing.T) {
 }
 
 func TestAuthentication(t *testing.T) {
-	_, w := Get("/rest/ping.view?u=INVALID&p=INVALID&c=test&v=1.0.0", "TestAuthentication")
+	tests.Init(t, false)
 
 	Convey("Subject: Authentication\n", t, func() {
+		_, w := Get("/rest/ping.view?u=INVALID&p=INVALID&c=test&v=1.0.0", "TestAuthentication")
 		Convey("Status code should be 200", func() {
 			So(w.Code, ShouldEqual, 200)
 		})
@@ -44,4 +46,21 @@ func TestAuthentication(t *testing.T) {
 			So(v.Status, ShouldEqual, "fail")
 		})
 	})
+	Convey("Subject: Authentication Valid\n", t, func() {
+		_, w := Get("/rest/ping.view?u=deluan&p=wordpass&c=test&v=1.0.0", "TestAuthentication")
+		Convey("The status should be 'ok'", func() {
+			v := responses.Subsonic{}
+			xml.Unmarshal(w.Body.Bytes(), &v)
+			So(v.Status, ShouldEqual, "ok")
+		})
+	})
+	Convey("Subject: Password encoded\n", t, func() {
+		_, w := Get("/rest/ping.view?u=deluan&p=enc:776f726470617373&c=test&v=1.0.0", "TestAuthentication")
+		Convey("The status should be 'ok'", func() {
+			v := responses.Subsonic{}
+			println("------", w.Body.String())
+			xml.Unmarshal(w.Body.Bytes(), &v)
+			So(v.Status, ShouldEqual, "ok")
+		})
+	})
 }