diff --git a/service/auth/login.go b/service/auth/login.go
index 85d6de97cf0ca3850c3e51e1ada4f56cf7850bab..0ed6024ef98e633119cabaaacac98709e875d155 100644
--- a/service/auth/login.go
+++ b/service/auth/login.go
@@ -19,7 +19,7 @@ func (auth AuthServiceImpl) Login(payload login.LoginRequestPayload) (*login.Log
 switch {
 case errors.Is(err, gorm.ErrRecordNotFound):
- errorObj = fmt.Errorf("username or password combination not found")
+ errorObj = fmt.Errorf("username and password combination not found")
 default:
 errorObj = err
 }
@@ -28,7 +28,11 @@ func (auth AuthServiceImpl) Login(payload login.LoginRequestPayload) (*login.Log
 }
 if err := auth.Check(payload.Password, user.Password); err != nil {
- return nil, err
+ return nil, fmt.Errorf("username and password combination not found")
+ }
+
+ if !user.IsActivated {
+ return nil, fmt.Errorf("user is not activated yet")
 }
 refreshClaim := tokenModel.UserClaim{
diff --git a/test/utils/password/password_test.go b/test/utils/password/password_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..e7205b89ea1532365cda6a3814d4bd43ed6f510b
--- /dev/null
+++ b/test/utils/password/password_test.go
@@ -0,0 +1,31 @@
+package password_test
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "gitlab.informatika.org/ocw/ocw-backend/utils/password"
+)
+
+func TestPasswordHash(t *testing.T) {
+ obj := password.PasswordUtilImpl{}
+
+ t.Run("PasswordCanBeHashed", func(t *testing.T) {
+ _, err := obj.Hash("admin")
+
+ assert.Nil(t, err)
+ })
+
+ t.Run("PasswordCanBeHashAndValidateCorrectly", func(t *testing.T) {
+ hash, err := obj.Hash("admin")
+
+ assert.Nil(t, err)
+
+ err = obj.Check("admin", hash)
+ assert.Nil(t, err)
+
+ err = obj.Check("seseorang", hash)
+ assert.NotNil(t, err)
+ assert.Equal(t, err.Error(), "password mismatch")
+ })
+}
diff --git a/utils/password/impl.go b/utils/password/impl.go
index f9cb7ab7b5590edd581412c7d73123c3e591cff1..9a660b472041db250ca4f6664ebb461db0560f39 100644
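Review bot: The credential-failure text is now spelled out twice as a fresh `fmt.Errorf` literal, in the `gorm.ErrRecordNotFound` case here and in the `auth.Check` branch of the next hunk, and the wording fix on this very line shows how easily the copies drift. A package-level sentinel such as `var errInvalidCredentials = errors.New("username and password combination not found")`, returned from both places, keeps them identical and lets callers match with `errors.Is` instead of comparing strings. Login's body starts and ends outside the hunk, so how callers consume the error is not visible here.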
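Review bot: The generic message after `auth.Check` hides which half of the credential was wrong, but the lookup-failure path in the previous hunk appears to return before any bcrypt work is done, so response time may still separate an unknown username from a wrong password; this is inferred, since the return between the two hunks is not visible. Running the check against a fixed placeholder hash on the not-found path would even the two paths out. The activation test is correctly placed after the password check, and a comment would stop it being reordered later: `// Checked after the password so activation state is only disclosed to callers holding valid credentials.` Login's body starts and ends outside the hunk.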
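Review bot: `assert.Equal(t, err.Error(), "password mismatch")` passes its arguments in the opposite order to testify's `(t, expected, actual)`, and it dereferences `err` even when the preceding `assert.NotNil` has already failed, which turns a test failure into a nil-pointer panic. `assert.EqualError(t, err, "password mismatch")` replaces both lines, and `assert.NoError(t, err)` states the intent of the success cases better than `assert.Nil`. The fixture `password.PasswordUtilImpl{}` leaves `Environment` at its zero value, so the cost handed to bcrypt is whatever that zero value yields, or a nil dereference if the field is a pointer (its type is not visible here). Setting the cost explicitly would make the test independent of that.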
--- a/utils/password/impl.go
+++ b/utils/password/impl.go
@@ -15,20 +15,14 @@ type PasswordUtilImpl struct {
 func (e PasswordUtilImpl) Hash(password string) (string, error) {
 hash, err := bcrypt.GenerateFromPassword([]byte(password), e.Environment.PasswordCost)
- return e.Base64Util.Encode(hash), err
+ return string(hash), err
 }
 func (e PasswordUtilImpl) Check(password string, hashedPassword string) error {
- hash, err := e.Base64Util.Decode(hashedPassword)
+ err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
 if err != nil {
- return err
- }
-
- err = bcrypt.CompareHashAndPassword(hash, []byte(password))
-
- if err != nil {
- return fmt.Errorf("username or password combination is not found")
+ return fmt.Errorf("password mismatch")
 }
 return nil
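Review bot: `Check` now expects the stored value to be the raw bcrypt string, so any hash written by the old `Hash` (base64 of the bcrypt output) will fail `bcrypt.CompareHashAndPassword` and be reported as "password mismatch", locking those accounts out with no hint of the cause; whether such rows exist is not visible from this diff. The new body also maps every bcrypt error to the mismatch message, so a malformed or truncated stored hash looks the same as a wrong password. I would return the mismatch text only when `errors.Is(err, bcrypt.ErrMismatchedHashAndPassword)` holds and wrap anything else, e.g. `return fmt.Errorf("verifying password hash: %w", err)`. Existing hashes would then need a migration or a forced password reset. Check's closing brace lies outside the hunk.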