diff --git a/tests/test_session.py b/tests/test_session.py
index 7509256b3f8736988adb70527de31e9ac6646a41..f99ab1a1941cc59f04eb61702b7104aabcb2d3d7 100644
--- a/tests/test_session.py
+++ b/tests/test_session.py
@@ -61,6 +61,12 @@ class TestSession(UffdTestCase):
 		self.assertEqual(r.status_code, 200)
 		self.assertLoggedIn()
 
+	def test_titlecase_password(self):
+		r = self.client.post(path=url_for('session.login'),
+			data={'loginname': self.test_data.get('user').get('loginname').title(), 'password': self.test_data.get('user').get('password')}, follow_redirects=True)
+		self.assertEqual(r.status_code, 200)
+		self.assertLoggedIn()
+
 	def test_redirect(self):
 		r = self.login_as('user', ref=url_for('test_login_required'))
 		self.assertEqual(r.status_code, 200)
diff --git a/uffd/api/views.py b/uffd/api/views.py
index ca12218621cdceba9419fc6b4085dc838bfe2976..399ff5d020c8f29770753251135eb2e34f32cd3b 100644
--- a/uffd/api/views.py
+++ b/uffd/api/views.py
@@ -79,7 +79,7 @@ def getusers():
 def checkpassword():
 	if set(request.values.keys()) != {'loginname', 'password'}:
 		abort(400)
-	username = request.form['loginname']
+	username = request.form['loginname'].lower()
 	password = request.form['password']
 	login_delay = login_ratelimit.get_delay(username)
 	if login_delay:
diff --git a/uffd/selfservice/views.py b/uffd/selfservice/views.py
index a3279127fdbfd8e9a72fb00c3adb09830412a878..605512a796bf07e1e2aa08c7827f4c45f14f16a5 100644
--- a/uffd/selfservice/views.py
+++ b/uffd/selfservice/views.py
@@ -60,7 +60,7 @@ def forgot_password():
 	if request.method == 'GET':
 		return render_template('selfservice/forgot_password.html')
 
-	loginname = request.values['loginname']
+	loginname = request.values['loginname'].lower()
 	mail = request.values['mail']
 	reset_delay = reset_ratelimit.get_delay(loginname+'/'+mail)
 	host_delay = host_ratelimit.get_delay()
diff --git a/uffd/session/views.py b/uffd/session/views.py
index 964a885bcb11376882cded81316a84aca95c056a..8d095a2cd710c208fb26ac8658beb9130e6f6e33 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -81,7 +81,7 @@ def login():
 	if request.method == 'GET':
 		return render_template('session/login.html', ref=request.values.get('ref'))
 
-	username = request.form['loginname']
+	username = request.form['loginname'].lower()
 	password = request.form['password']
 	login_delay = login_ratelimit.get_delay(username)
 	host_delay = host_ratelimit.get_delay()