diff --git a/auth.go b/auth.go
index 4021d04..a37dd82 100644
--- a/auth.go
+++ b/auth.go
@@ -30,7 +30,7 @@ func Login(username, password string) bool {
 log.Printf("scsusers.Login: recovery time expired")
 return false
 }
- u.Delete("recoverykey")
+ u.Delete("recoverycode")
 u.Delete("recoverytime")
 }
 log.Printf("User %s logged in\n", username)
diff --git a/meta.go b/meta.go
index 44a2962..64bf837 100644
--- a/meta.go
+++ b/meta.go
@@ -23,7 +23,6 @@ func (u *UserData) LoadMeta() bool {
 var m metadata
 rows.Scan(&m.Key, &m.Value, &m.ID)
 u.Meta[m.Key] = m
- log.Printf("Loaded meta key %s id %d value %s", m.Key, m.ID, m.Value)
 }
 return true
diff --git a/password.go b/password.go
index ea9afd4..8fa5062 100644
--- a/password.go
+++ b/password.go
@@ -3,7 +3,6 @@ package scsusers
 import (
 "crypto/rand"
 "encoding/base32"
- "log"
 mr "math/rand"
 "time"
 "unicode"
@@ -23,7 +22,6 @@ func scrambleCase(in []byte) []byte {
 out = append(out, byte(x))
 }
 }
- log.Printf("scrambleCase in %s out %s", in, out)
 return out
 }
diff --git a/recovery.go b/recovery.go
index 07ea4ce..30ce4b4 100644
--- a/recovery.go
+++ b/recovery.go
@@ -4,6 +4,8 @@ import (
 "fmt"
 "log"
 "time"
+
+ "golang.org/x/crypto/bcrypt"
 )
@@ -12,12 +14,17 @@ func RecoverByEmail(email string) {
 if !ok {
 return
 }
- log.Printf("%#v", u)
 recoverycode := generatePassword(16)
 u.Delete("recoverycode")
 u.Delete("recoverytime")
- u.Set("recoverycode", string(recoverycode))
+ crypt, err := bcrypt.GenerateFromPassword(recoverycode, 10)
+ if err != nil {
+ log.Println("pass generation failed")
+ return
+ }
+
+ u.Set("recoverycode", string(crypt))
 u.Set("recoverytime", fmt.Sprintf("%d", time.Now().Add(time.Minute*60).Unix()))
 SendRecoveryEmail(email, email, string(recoverycode))
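Review bot: Login's recovery-code check needs to match the new storage format, and the only change to Login in this hunk is the key name passed to `u.Delete`. After this commit the `recoverycode` meta value is a bcrypt hash (see the recovery.go hunk), so a string-equality comparison against the submitted password would never succeed. The comparison itself lies outside the hunk; if it is not already hash-based it should become `bcrypt.CompareHashAndPassword([]byte(stored), []byte(password)) == nil`, where `stored` stands for whatever value Login reads from the meta entry.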
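Review bot: The new error branch after `bcrypt.GenerateFromPassword` discards `err` and logs a fixed string, so a failure cannot be diagnosed from the log; `log.Printf("scsusers.RecoverByEmail: hashing recovery code: %v", err)` keeps the cause and follows the prefix style Login uses. The cost is the bare literal `10`, which `bcrypt.DefaultCost` names. The branch also returns after both `u.Delete` calls have run, so a hashing failure leaves the account with no recovery code and no email; computing the hash before the deletes would avoid that, assuming Delete takes effect immediately, which the hunk does not show. RecoverByEmail starts and ends outside the hunk.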