diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp index 9870ed52..5e3a3df8 100644 --- a/src/currency_core/currency_format_utils.cpp +++ b/src/currency_core/currency_format_utils.cpp @@ -1737,7 +1737,13 @@ namespace currency } return true; } - + //------------------------------------------------------------------ + bool validate_password(const std::string& password) + { + static const std::string allowed_password_symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!?@#$%^&*_+|{}[]()<>:;\"'-=\\/.,"; + size_t n = password.find_first_not_of(allowed_password_symbols, 0); + return n == std::string::npos; + } //------------------------------------------------------------------ #define ANTI_OVERFLOW_AMOUNT 1000000 diff --git a/src/currency_core/currency_format_utils.h b/src/currency_core/currency_format_utils.h index 513df6f1..4a467a3e 100644 --- a/src/currency_core/currency_format_utils.h +++ b/src/currency_core/currency_format_utils.h @@ -163,6 +163,7 @@ namespace currency uint64_t get_string_uint64_hash(const std::string& str); bool construct_tx_out(const tx_destination_entry& de, const crypto::secret_key& tx_sec_key, size_t output_index, transaction& tx, std::set& deriv_cache, uint8_t tx_outs_attr = CURRENCY_TO_KEY_OUT_RELAXED); bool validate_alias_name(const std::string& al); + bool validate_password(const std::string& password); void get_attachment_extra_info_details(const std::vector& attachment, extra_attachment_info& eai); bool construct_tx(const account_keys& sender_account_keys, const std::vector& sources, diff --git a/src/gui/qt-daemon/application/mainwindow.cpp b/src/gui/qt-daemon/application/mainwindow.cpp index 77dff950..606a8bbe 100644 --- a/src/gui/qt-daemon/application/mainwindow.cpp +++ b/src/gui/qt-daemon/application/mainwindow.cpp @@ -1034,6 +1034,7 @@ void MainWindow::on_complete_events() } CATCH_ENTRY2(void()); } + void MainWindow::on_clear_events() { TRY_ENTRY(); 
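Review bot: In the first hunk, `validate_password` returns true for an empty string, because `find_first_not_of` has nothing to reject, so both callers added in this commit (set_master_password and wallet2::generate) still accept an empty password. If that is intended, say so in a comment above the function; if not, add `if (password.empty()) return false;` before the search. The function also has no comment explaining what the whitelist excludes, for example `// true if every char is an ASCII letter, digit or listed punctuation; space, backtick and non-ASCII are rejected; empty input passes`. The temporary `n` can go: `return password.find_first_not_of(allowed_password_symbols) == std::string::npos;`.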
@@ -1055,9 +1056,13 @@ QString MainWindow::get_secure_app_data(const QString& param) } std::string app_data_buff; - bool r = file_io_utils::load_file_to_string(m_backend.get_config_folder() + "/" + GUI_SECURE_CONFIG_FILENAME, app_data_buff); + std::string filename = m_backend.get_config_folder() + "/" + GUI_SECURE_CONFIG_FILENAME; + bool r = file_io_utils::load_file_to_string(filename, app_data_buff); if (!r) + { + LOG_PRINT_L1("config file was not loaded: " << m_backend.get_config_folder() + "/" + GUI_SECURE_CONFIG_FILENAME); return ""; + } if (app_data_buff.size() < sizeof(app_data_file_binary_header)) { 
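Review bot: The log line added in the `if (!r)` branch rebuilds the path as `m_backend.get_config_folder() + "/" + GUI_SECURE_CONFIG_FILENAME`, although the `filename` local introduced two lines above already holds it. Use `LOG_PRINT_L1("config file was not loaded: " << filename);` so the logged path cannot drift from the one actually opened. get_secure_app_data starts and ends outside this hunk.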
@@ -1080,23 +1085,38 @@ QString MainWindow::get_secure_app_data(const QString& param) m_master_password = pwd.pass; + crypto::hash master_password_pre_hash = crypto::cn_fast_hash(m_master_password.c_str(), m_master_password.length()); + crypto::hash master_password_hash = crypto::cn_fast_hash(&master_password_pre_hash, sizeof master_password_pre_hash); + LOG_PRINT_L0("get_secure_app_data, pass hash: " << master_password_hash); + return app_data_buff.substr(sizeof(app_data_file_binary_header)).c_str(); CATCH_ENTRY2(API_RETURN_CODE_INTERNAL_ERROR); } QString MainWindow::set_master_password(const QString& param) { + view::api_response ar; + view::password_data pwd = AUTO_VAL_INIT(pwd); if (!epee::serialization::load_t_from_json(pwd, param.toStdString())) { - view::api_response ar; ar.error_code = API_RETURN_CODE_BAD_ARG; return MAKE_RESPONSE(ar); } + + if (!currency::validate_password(pwd.pass)) + { + ar.error_code = API_RETURN_CODE_BAD_ARG; + return MAKE_RESPONSE(ar); + } + m_master_password = pwd.pass; - view::api_response ar; + crypto::hash master_password_pre_hash = crypto::cn_fast_hash(m_master_password.c_str(), m_master_password.length()); + crypto::hash master_password_hash = crypto::cn_fast_hash(&master_password_pre_hash, sizeof master_password_pre_hash); + LOG_PRINT_L0("set_master_password, pass hash: " << master_password_hash); + ar.error_code = API_RETURN_CODE_OK; return MAKE_RESPONSE(ar); } 
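Review bot: The added `LOG_PRINT_L0("get_secure_app_data, pass hash: " << master_password_hash)` and its twin in set_master_password write a value computed only from the master password to the log at level 0. The call shows no salt or work factor (`cn_fast_hash` over the password bytes, then over that digest), so anyone who can read the log, including one attached to a bug report, can check password guesses offline. I would drop the three hash lines. If the aim is to trace when the password is set, log an event that does not depend on it, e.g. `LOG_PRINT_L0("set_master_password: master password updated");`. The same pattern is added in the check_master_password, store_app_data and store_secure_app_data hunks and should be removed there too.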
@@ -1111,11 +1131,18 @@ QString MainWindow::check_master_password(const QString& param) ar.error_code = API_RETURN_CODE_BAD_ARG; return MAKE_RESPONSE(ar); } + + crypto::hash master_password_pre_hash = crypto::cn_fast_hash(m_master_password.c_str(), m_master_password.length()); + crypto::hash master_password_hash = crypto::cn_fast_hash(&master_password_pre_hash, sizeof master_password_pre_hash); + crypto::hash pwd_pre_hash = crypto::cn_fast_hash(pwd.pass.c_str(), pwd.pass.length()); + crypto::hash pwd_hash = crypto::cn_fast_hash(&pwd_pre_hash, sizeof pwd_pre_hash); if (m_master_password != pwd.pass) { ar.error_code = API_RETURN_CODE_WRONG_PASSWORD; - }else + LOG_PRINT_L0("check_master_password: pwd hash: " << pwd_hash << ", expected: " << master_password_hash); + } + else { ar.error_code = API_RETURN_CODE_OK; } 
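Review bot: The failure branch of check_master_password logs `pwd_hash`, the hash of whatever was typed, next to the expected hash. A rejected entry is often a typo of the real password or a password used elsewhere, so every failed attempt adds a second password-derived value to the log. The four `cn_fast_hash` calls also run on the success path, where nothing reads them. `LOG_PRINT_L0("check_master_password: wrong password");` gives the same diagnostic without either hash. The function starts and ends outside the hunk.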
@@ -1134,18 +1161,27 @@ QString MainWindow::store_app_data(const QString& param) return MAKE_RESPONSE(ar); } - //bool r = file_io_utils::save_string_to_file(m_backend.get_config_folder() + "/" + GUI_CONFIG_FILENAME, param.toStdString()); - bool r = file_io_utils::save_string_to_file(m_backend.get_config_folder() + "/" + GUI_CONFIG_FILENAME, param.toStdString()); - //view::api_response ar; - if (r) - ar.error_code = API_RETURN_CODE_OK; - else - ar.error_code = API_RETURN_CODE_FAIL; + crypto::hash master_password_pre_hash = crypto::cn_fast_hash(m_master_password.c_str(), m_master_password.length()); + crypto::hash master_password_hash = crypto::cn_fast_hash(&master_password_pre_hash, sizeof master_password_pre_hash); + LOG_PRINT_L0("store_app_data, pass hash: " << master_password_hash); + + std::string filename = m_backend.get_config_folder() + "/" + GUI_CONFIG_FILENAME; + bool r = file_io_utils::save_string_to_file(filename, param.toStdString()); + if (r) + { + ar.error_code = API_RETURN_CODE_OK; + LOG_PRINT_L1("config saved: " << filename); + } + else + { + ar.error_code = API_RETURN_CODE_FAIL; + LOG_PRINT_L1("config save failed: " << filename); + } - //ar.error_code = store_to_file((m_backend.get_config_folder() + "/" + GUI_CONFIG_FILENAME).c_str(), param).toStdString(); return MAKE_RESPONSE(ar); CATCH_ENTRY_FAIL_API_RESPONCE(); } + QString MainWindow::is_file_exist(const QString& path) { TRY_ENTRY(); @@ -1158,7 +1194,7 @@ QString MainWindow::is_file_exist(const QString& path) } catch (const std::exception& ex) { - LOG_ERROR("FILED TO STORE TO FILE: " << path.toStdString() << " ERROR:" << ex.what()); + LOG_ERROR("failed to check file existance: " << path.toStdString() << " ERROR:" << ex.what()); return QString(API_RETURN_CODE_ALREADY_EXISTS) + ": " + ex.what(); } 
@@ -1168,6 +1204,7 @@ QString MainWindow::is_file_exist(const QString& path) } CATCH_ENTRY2(API_RETURN_CODE_INTERNAL_ERROR); } + QString MainWindow::store_to_file(const QString& path, const QString& buff) { TRY_ENTRY(); @@ -1256,6 +1293,10 @@ QString MainWindow::store_secure_app_data(const QString& param) else ar.error_code = API_RETURN_CODE_FAIL; + crypto::hash master_password_pre_hash = crypto::cn_fast_hash(m_master_password.c_str(), m_master_password.length()); + crypto::hash master_password_hash = crypto::cn_fast_hash(&master_password_pre_hash, sizeof master_password_pre_hash); + LOG_PRINT_L0("store_secure_app_data, r = " << r << ", pass hash: " << master_password_hash); + return MAKE_RESPONSE(ar); CATCH_ENTRY_FAIL_API_RESPONCE(); } diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 3bb392c3..46cdd2fa 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -1962,6 +1962,7 @@ void wallet2::assign_account(const currency::account_base& acc) //---------------------------------------------------------------------------------------------------- void wallet2::generate(const std::wstring& path, const std::string& pass) { + WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(validate_password(pass), "new wallet generation failed: password contains forbidden characters") clear(); prepare_file_names(path); m_password = pass; diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index f4c741c5..a1d1955b 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h 
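Review bot: In the wallet2::generate hunk the character-set check runs only when a new wallet is generated. If wallet2 has other paths that set a wallet-file password (restore or password change, none visible in this diff), they would still accept what generate now rejects, so the rule should be enforced in one shared place or the exception documented. The macro call is missing its trailing `;`, and it calls `validate_password` unqualified while mainwindow.cpp uses `currency::validate_password`. Whether both compile depends on the macro body and on a using-directive outside the hunk. The body of generate continues past the hunk.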
@@ -63,6 +63,7 @@ ENABLE_CHANNEL_BY_DEFAULT("wallet"); #define WLT_CHECK_AND_ASSERT_MES(expr, ret, msg) CHECK_AND_ASSERT_MES(expr, ret, "[W:" << m_log_prefix << "]" << msg) #define WLT_CHECK_AND_ASSERT_MES_NO_RET(expr, msg) CHECK_AND_ASSERT_MES_NO_RET(expr, "[W:" << m_log_prefix << "]" << msg) #define WLT_THROW_IF_FALSE_WALLET_INT_ERR_EX(cond, msg) THROW_IF_FALSE_WALLET_INT_ERR_EX(cond, "[W:" << m_log_prefix << "]" << msg) +#define WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(cond, msg) THROW_IF_FALSE_WALLET_CMN_ERR_EX(cond, "[W:" << m_log_prefix << "]" << msg) class test_generator;