diff --git a/app/classes/Framadate/Form.php b/app/classes/Framadate/Form.php
index cd50e6d..07b7868 100644
--- a/app/classes/Framadate/Form.php
+++ b/app/classes/Framadate/Form.php
@@ -58,10 +58,10 @@ class Form
 public $use_password;
 /**
- * The password needed to access the poll, if $use_password is set to true
+ * The password needed to access the poll, hashed. Only used if $use_password is set to true
 * @var string
 */
- public $password;
+ public $password_hash;
 /**
 * If true, the polls results will be also visible for those without password
diff --git a/app/classes/Framadate/Repositories/PollRepository.php b/app/classes/Framadate/Repositories/PollRepository.php
index 7201d9b..19f1ed9 100644
--- a/app/classes/Framadate/Repositories/PollRepository.php
+++ b/app/classes/Framadate/Repositories/PollRepository.php
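Review bot: The docblock on the renamed field still says `@var string`, but create_poll.php assigns `null` to `password_hash` when `use_password` is false, so the annotation should read `@var string|null` and the description should say when it is null, e.g. `* The password needed to access the poll, hashed. Null when $use_password is false`. The Form class continues outside the hunk.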
@@ -11,12 +11,12 @@ class PollRepository extends AbstractRepository {
 parent::__construct($connect);
 }
- public function insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible) {
+ public function insertPoll($poll_id, $admin_poll_id, $form) {
 $sql = 'INSERT INTO `' . Utils::table('poll') . '` (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible) VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
 $prepared = $this->prepare($sql);
- $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $password_hash, $results_publicly_visible));
+ $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
 }
 function findById($poll_id) {
diff --git a/app/classes/Framadate/Services/PollService.php b/app/classes/Framadate/Services/PollService.php
index 1ae134c..4031ac8 100644
--- a/app/classes/Framadate/Services/PollService.php
+++ b/app/classes/Framadate/Services/PollService.php
@@ -22,7 +22,6 @@ use Framadate\Form;
 use Framadate\FramaDB;
 use Framadate\Utils;
 use Framadate\Security\Token;
-use Framadate\Security\PasswordHasher;
 use Framadate\Repositories\RepositoryFactory;
 class PollService {
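Review bot: insertPoll now persists `$form->password_hash` and `$form->results_publicly_visible` exactly as the Form carries them, so the rule that a poll without a password stores a null hash and a null results_publicly_visible is no longer enforced in the repository or in PollService, only by the create_poll.php controller; any other code that builds a Form and calls this method stores whatever it set. The contract should at least be stated on the method, e.g. `// Expects a normalised $form: password_hash and results_publicly_visible are null when use_password is false (see create_poll.php)`. Nothing here can tell a hash from a plaintext value either, so callers must be the ones to guarantee `password_hash` only ever holds PasswordHasher output.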
@@ -112,18 +111,9 @@ class PollService { } while ($this->pollRepository->existsById($poll_id)); $admin_poll_id = $poll_id . $this->random(8); - // Password hash, if needed - if ($form->use_password) { - $password_hash = PasswordHasher::hash($form->password); - $results_publicly_visible = $form->results_publicly_visible; - } else { - $password_hash = null; - $results_publicly_visible = null; - } - // Insert poll + slots $this->pollRepository->beginTransaction(); - $this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible); + $this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form); $this->slotRepository->insertSlots($poll_id, $form->getChoices()); $this->pollRepository->commit(); diff --git a/create_poll.php b/create_poll.php index 3faa240..06b4143 100644 --- a/create_poll.php +++ b/create_poll.php @@ -21,6 +21,7 @@ use Framadate\Form; use Framadate\Services\InputService; use Framadate\Editable; use Framadate\Utils; +use Framadate\Security\PasswordHasher; include_once __DIR__ . '/app/inc/init.php'; @@ -83,7 +84,6 @@ if ($goToStep2) { $_SESSION['form']->receiveNewComments = $receiveNewComments; $_SESSION['form']->hidden = $hidden; $_SESSION['form']->use_password = ($use_password !== null); - $_SESSION['form']->password = $password; $_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null); @@ -123,6 +123,14 @@ if ($goToStep2) { if ($title && $name && $email_OK && !$error_on_title && !$error_on_description && !$error_on_name && !$error_on_password && !$error_on_password_repeat) { + // If no errors, we hash the password if needed + if ($_SESSION['form']->use_password) { + $_SESSION['form']->password_hash = PasswordHasher::hash($password); + } else { + $_SESSION['form']->password_hash = null; + $_SESSION['form']->results_publicly_visible = null; + } + if ($goToStep2 == 'date') { header('Location:create_date_poll.php'); exit(); 
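Review bot: With the hashing block removed, createPoll inserts a Form whose `use_password` is true but whose `password_hash` is still null without complaint, and since the INSERT in PollRepository has no use_password column the result is an unprotected poll rather than an error, which fails open. A guard in front of beginTransaction makes the moved responsibility explicit: `if ($form->use_password && $form->password_hash === null) { throw new \InvalidArgumentException('use_password is set but password_hash is empty'); }`. The rest of createPoll lies outside the hunk.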
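Review bot: In the @@ -123 hunk of create_poll.php the hash is recomputed from the submitted `$password` on every valid pass through step 1, so a creator who comes back to this step with use_password still checked but the password field empty would have the stored hash replaced by `PasswordHasher::hash($password)` of an empty string; whether `$error_on_password` already rejects an empty value in that case is not visible here and should be confirmed, or the assignment guarded with `if ($password !== '')`. The else branch correctly clears both `password_hash` and `results_publicly_visible`, but that normalisation now lives only in this controller, so it is worth a comment saying PollService and PollRepository rely on it. The enclosing `if` block continues past the hunk.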
@@ -244,7 +252,6 @@ $smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewC
 $smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden));
 $smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password));
 $smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible));
-$smarty->assign('poll_password', Utils::fromPostOrDefault('password', $_SESSION['form']->password));
 $smarty->assign('form', $_SESSION['form']);
 $smarty->display('create_poll.tpl');