diff --git a/lib/plugins/htpasswd/utils.js b/lib/plugins/htpasswd/utils.js
index 229662f9f..425e7b085 100644
--- a/lib/plugins/htpasswd/utils.js
+++ b/lib/plugins/htpasswd/utils.js
@@ -1,5 +1,6 @@
 var crypto = require('crypto')
 var crypt3 = require('./crypt3')
+var md5 = require('apache-md5')
 var locker = require('../../file-locking')
 // this function neither unlocks file nor closes it
@@ -32,10 +33,12 @@ function verify_password(user, passwd, hash) {
 return passwd === hash.substr(7)
 } else if (hash.indexOf('{SHA}') === 0) {
 return crypto.createHash('sha1').update(passwd, 'binary').digest('base64') === hash.substr(5)
- } else if (crypt3) {
- return crypt3(passwd, hash) === hash
 } else {
- return false
+ return (
+ // for backwards compatibility, first check md5 then check crypt3
+ md5(passwd, hash) === hash ||
+ crypt3(passwd, hash) === hash
+ )
 }
 }
diff --git a/package.json b/package.json
index 1a7e20f4d..730c2f2af 100644
--- a/package.json
+++ b/package.json
@@ -16,6 +16,7 @@
 },
 "dependencies": {
 "JSONStream": "^1.1.1",
+ "apache-md5": "^1.1.2",
 "async": "^2.0.1",
 "body-parser": "^1.15.0",
 "bunyan": "^1.8.0",
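Review bot: The new `else` branch in verify_password calls `crypt3(passwd, hash)` unconditionally, whereas the removed lines guarded it with `else if (crypt3)`; if `./crypt3` can still export a falsy value where the native module is unavailable (the old guard suggests it could), every failed md5 comparison would throw a TypeError instead of returning false. Keeping the guard, `md5(passwd, hash) === hash || (!!crypt3 && crypt3(passwd, hash) === hash)`, preserves the old fail-closed behaviour. It would also match the `{PLAIN}` and `{SHA}` branches better to pick the algorithm from the hash prefix (`$apr1$`) instead of trying both on every hash. The `===` comparisons on the computed hash are not constant-time; `crypto.timingSafeEqual` on equal-length buffers is the safer comparison where the Node version in use provides it. The function's opening lines are outside the hunk.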
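Review bot: In package.json the new `"apache-md5": "^1.1.2"` entry puts a third-party package into the password-verification path with a caret range, so any later 1.x release is picked up on a fresh install. The other dependencies use the same convention, but for a module that sees plaintext passwords an exact pin (`"apache-md5": "1.1.2"`) or a committed lockfile/shrinkwrap would make upgrades an explicit, reviewable step.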