diff --git a/src/config.rs b/src/config.rs
index 648bb7100..fe26db49d 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -23,13 +23,12 @@ mod permanent_password;
 
 pub use permanent_password::{
     compute_permanent_password_h1, decode_permanent_password_h1_from_storage,
-    local_permanent_password_storage_is_usable_for_auth,
+    decode_preset_password_h1_from_storage, local_permanent_password_storage_is_usable_for_auth,
     preset_permanent_password_storage_is_usable_for_auth, ENCRYPT_MAX_LEN,
 };
 use permanent_password::{
     decode_permanent_password_h1_from_hashed_storage, decrypt_permanent_password_str_or_original,
-    encode_permanent_password_encrypted_storage_from_h1, normalize_preset_password_storage,
-    password_is_empty_or_not_hashed, permanent_password_storage_is_hashed,
+    encode_permanent_password_encrypted_storage_from_h1, password_is_empty_or_not_hashed,
     preset_permanent_password_storage_matches_plain, DEFAULT_SALT_LEN, PASSWORD_ENC_VERSION,
     PERMANENT_PASSWORD_H1_LEN,
 };
@@ -1409,7 +1408,7 @@ impl Config {
         let hard_settings = HARD_SETTINGS.read().unwrap();
         let storage = hard_settings.get("password").cloned().unwrap_or_default();
         let salt = hard_settings.get("salt").cloned().unwrap_or_default();
-        (normalize_preset_password_storage(storage, &salt), salt)
+        (storage, salt)
     }
 
     pub fn get_effective_permanent_password_salt() -> String {
@@ -1422,7 +1421,7 @@ impl Config {
         }
         let (preset_storage, preset_salt) = Self::get_preset_password_storage_and_salt();
         if !preset_salt.is_empty() {
-            if permanent_password_storage_is_hashed(&preset_storage) {
+            if preset_permanent_password_storage_is_usable_for_auth(&preset_storage, &preset_salt) {
                 return preset_salt;
             }
             return String::new();
diff --git a/src/config/permanent_password.rs b/src/config/permanent_password.rs
index 0bda60de5..4901c2fcc 100644
--- a/src/config/permanent_password.rs
+++ b/src/config/permanent_password.rs
@@ -102,20 +102,6 @@ pub(super) fn decrypt_permanent_password_str_or_original(storage: &str) -> (Stri
     (storage.to_owned(), false, !storage.is_empty())
 }
 
-pub(super) fn normalize_preset_password_storage(storage: String, salt: &str) -> String {
-    if salt.is_empty() {
-        return storage;
-    }
-    if let Some(h1) = decode_hbbs_preset_password_h1_from_storage(&storage) {
-        if let Some(storage) = encode_permanent_password_encrypted_storage_from_h1(&h1) {
-            return storage;
-        }
-        log::error!("Failed to encrypt preset permanent password hash storage");
-        return String::new();
-    }
-    storage
-}
-
 pub(super) fn permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
     if storage.is_empty() {
         return false;
@@ -148,11 +134,10 @@ pub fn preset_permanent_password_storage_is_usable_for_auth(storage: &str, salt:
     decode_preset_password_h1_from_storage(storage).is_some()
 }
 
-fn decode_preset_password_h1_from_storage(
+pub fn decode_preset_password_h1_from_storage(
     storage: &str,
 ) -> Option<[u8; PERMANENT_PASSWORD_H1_LEN]> {
-    decode_permanent_password_h1_from_storage(storage)
-        .or_else(|| decode_hbbs_preset_password_h1_from_storage(storage))
+    decode_hbbs_preset_password_h1_from_storage(storage)
 }
 
 pub fn local_permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
@@ -167,10 +152,6 @@ pub fn local_permanent_password_storage_is_usable_for_auth(storage: &str, salt:
     permanent_password_storage_is_usable_for_auth(storage, salt)
 }
 
-pub(super) fn permanent_password_storage_is_hashed(storage: &str) -> bool {
-    decode_permanent_password_h1_from_storage(storage).is_some()
-}
-
 #[cfg(test)]
 fn permanent_password_storage_matches_plain(storage: &str, salt: &str, input: &str) -> bool {
     if storage.is_empty() || input.is_empty() {
@@ -299,14 +280,11 @@ mod tests {
     }
 
     #[test]
-    fn test_hbbs_00_hashed_preset_password_storage_is_normalized() {
+    fn test_hbbs_00_hashed_preset_password_storage_is_decoded_for_preset_auth() {
         let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
         let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
 
-        assert_eq!(
-            normalize_preset_password_storage(storage, "salt123"),
-            encode_permanent_password_encrypted_storage_from_h1(&h1).unwrap()
-        );
+        assert_eq!(decode_preset_password_h1_from_storage(&storage), Some(h1));
     }
 
     #[test]
@@ -326,15 +304,25 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn test_encrypted_hash_storage_is_not_accepted_as_preset_storage() {
+        let salt = "salt123";
+        let h1 = compute_permanent_password_h1("p@ssw0rd", salt);
+        let storage = encode_permanent_password_encrypted_storage_from_h1(&h1).unwrap();
+
+        assert!(!preset_permanent_password_storage_is_usable_for_auth(
+            &storage, salt
+        ));
+        assert!(!preset_permanent_password_storage_matches_plain(
+            &storage, salt, "p@ssw0rd"
+        ));
+    }
+
     #[test]
     fn test_hbbs_00_shaped_preset_password_without_salt_stays_plaintext() {
         let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
         let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
 
-        assert_eq!(
-            normalize_preset_password_storage(storage.clone(), ""),
-            storage
-        );
         assert!(preset_permanent_password_storage_is_usable_for_auth(
             &storage, ""
         ));