diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py
index 2ec28c56a..fca871fe3 100644
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@@ -6,7 +6,7 @@ import json
 import os
 
 from random import SystemRandom
-from app import app, avatar, superusers
+from app import app, avatar, superusers, authentication
 from flask import request
 
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
@@ -115,16 +115,21 @@ def org_view(org):
     'avatar': avatar.get_data_for_org(org),
   }
 
-def user_view(user):
-  return  {
+def user_view(user, password=None):
+  user_data = {
     'username': user.username,
     'email': user.email,
     'verified': user.verified,
     'avatar': avatar.get_data_for_user(user),
     'super_user': superusers.is_superuser(user.username),
-    'enabled': user.enabled
+    'enabled': user.enabled,
   }
 
+  if password is not None:
+    user_data['encrypted_password'] = authentication.encrypt_user_password(password)
+
+  return user_data
+
 @resource('/v1/superuser/changelog/')
 @internal_only
 @show_if(features.SUPER_USERS)
@@ -232,7 +237,8 @@ class SuperUserList(ApiResource):
       return {
         'username': username,
         'email': email,
-        'password': password
+        'password': password,
+        'encrypted_password': authentication.encrypt_user_password(password),
       }
 
     abort(403)
@@ -355,7 +361,7 @@ class SuperUserManagement(ApiResource):
           user.enabled = bool(user_data['enabled'])
           user.save()
 
-        return user_view(user)
+        return user_view(user, password=user_data.get('password'))
 
     abort(403)
 
diff --git a/test/test_api_usage.py b/test/test_api_usage.py
index 4ec4348dd..ed759ae7d 100644
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@@ -2903,6 +2903,17 @@ class TestSuperUserManagement(ApiTestCase):
     # Verify the user no longer exists.
     self.getResponse(SuperUserManagement, params=dict(username = 'freshuser'), expected_code=404)
 
+  def test_change_user_password(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Verify the user exists.
+    json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
+    self.assertEquals('freshuser', json['username'])
+    self.assertEquals('jschorr+test@devtable.com', json['email'])
+
+    # Update the user.
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(password='somepassword'))
+    self.assertTrue('encrypted_password' in json)
 
   def test_update_user(self):
     self.login(ADMIN_ACCESS_USER)
@@ -2913,7 +2924,8 @@ class TestSuperUserManagement(ApiTestCase):
     self.assertEquals('jschorr+test@devtable.com', json['email'])
 
     # Update the user.
-    self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    self.assertFalse('encrypted_password' in json)
 
     # Verify the user was updated.
     json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))