diff --git a/lib/pop3-connection.js b/lib/pop3-connection.js
index a1a7a11..d71befa 100644
--- a/lib/pop3-connection.js
+++ b/lib/pop3-connection.js
@@ -55,7 +55,7 @@ class POP3Connection extends EventEmitter {
 tnx: 'send',
 cid: this._id,
 host: this.remoteAddress
- }, 'S:', (payload.length < 128 ? payload : payload.substr(0, 128) + '... +' + (payload.length - 128) + ' B').replace(/\r?\n/g,'\\n'));
+ }, 'S:', (payload.length < 128 ? payload : payload.substr(0, 128) + '... +' + (payload.length - 128) + ' B').replace(/\r?\n/g, '\\n'));
 this.write(payload + '\r\n');
 }
@@ -130,7 +130,8 @@ class POP3Connection extends EventEmitter {
 _resetSession() {
 this.session = {
- state: 'AUTHORIZATION'
+ state: 'AUTHORIZATION',
+ remoteAddress: this.remoteAddress
 };
 }
diff --git a/package.json b/package.json
index 06619d0..71cd6bf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "wildduck",
- "version": "1.0.22",
+ "version": "1.0.23",
 "description": "IMAP server built with Node.js and MongoDB",
 "main": "server.js",
 "scripts": {
diff --git a/pop3.js b/pop3.js
index a08b2fa..8373a8c 100644
--- a/pop3.js
+++ b/pop3.js
@@ -4,7 +4,7 @@ const config = require('config');
 const log = require('npmlog');
 const POP3Server = require('./lib/pop3-server');
 const fs = require('fs');
-const bcrypt = require('bcryptjs');
+const UserHandler = require('./lib/user-handler');
 const MessageHandler = require('./lib/message-handler');
 const ObjectID = require('mongodb').ObjectID;
 const db = require('./lib/db');
@@ -12,6 +12,7 @@ const db = require('./lib/db');
 const MAX_MESSAGES = 250;
 let messageHandler;
+let userHandler;
 const serverOptions = {
 port: config.pop3.port,
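Review bot: `session.remoteAddress` in `_resetSession()` (lib/pop3-connection.js) is a one-time copy of `this.remoteAddress`, so its value depends on when the first reset runs. The constructor is outside this hunk; if the reset happens before the address is assigned, `onAuth` in pop3.js passes `ip: undefined` to `userHandler.authenticate`, and whatever that handler does with the address (presumably logging or throttling) loses the client IP. If the ordering is already correct, a comment would pin it, e.g. `// remoteAddress must be set before the first _resetSession(); onAuth hands it to the auth handler as the client IP`.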
@@ -35,23 +36,26 @@ const serverOptions = {
 },
 onAuth(auth, session, callback) {
- db.database.collection('users').findOne({
- username: auth.username
- }, (err, user) => {
+ userHandler.authenticate(auth.username, auth.password, {
+ protocol: 'POP3',
+ ip: session.remoteAddress
+ }, (err, result) => {
 if (err) {
 return callback(err);
 }
+ if (!result) {
+ return callback();
+ }
- if (!user || !bcrypt.compareSync(auth.password, user.password)) {
- return callback(null, {
- message: 'Authentication failed'
- });
+ if (result.scope === 'master' && result.enabled2fa) {
+ // master password not allowed if 2fa is enabled!
+ return callback();
 }
 callback(null, {
 user: {
- id: user._id,
- username: user.username
+ id: result.user,
+ username: result.username
 }
 });
 });
@@ -280,6 +284,7 @@ module.exports = done => {
 let started = false;
 messageHandler = new MessageHandler(db.database);
+ userHandler = new UserHandler(db.database, db.redis);
 server.on('error', err => {
 if (!started) {
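Review bot: The master-password rule in `onAuth` (pop3.js) fails open, because `result.scope === 'master' && result.enabled2fa` only rejects when `authenticate` returns a truthy `enabled2fa`; a missing or renamed field would let a master password through on a 2FA account. The rule is also enforced in this protocol front-end rather than inside `userHandler.authenticate`, which already receives `protocol: 'POP3'`, so presumably every other front-end has to repeat it. Consider moving the decision into `authenticate` and recording the rejection before `return callback();`, e.g. `log.info('POP3', 'Master password rejected for 2FA account user=%s ip=%s', result.username, session.remoteAddress);`. Both failure paths now call `callback()` with no message where the old code returned `{ message: 'Authentication failed' }`, so confirm the server treats an empty result as a failed login. The closing brace of `onAuth` is outside the hunk.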