diff --git a/source/java/org/alfresco/repo/security/authentication/CompositePasswordEncoder.java b/source/java/org/alfresco/repo/security/authentication/CompositePasswordEncoder.java
index 330f219cd6..d8d9a542e2 100644
--- a/source/java/org/alfresco/repo/security/authentication/CompositePasswordEncoder.java
+++ b/source/java/org/alfresco/repo/security/authentication/CompositePasswordEncoder.java
@@ -112,8 +112,12 @@ public class CompositePasswordEncoder
                 //The unsafe encoder is used at the end so that's ok.
                 return true;
             }
-            logger.warn("Unsafe encoders in the encoding chain: "+Arrays.toString(unsafeEncoders.toArray())
-                    +". Only 1 unsafe encoder is allowed at the end of the chain: "+Arrays.toString(encodingChain.toArray()));
+            //, because there is already an unupgradable encoder at the end of the chain.
+            if (logger.isDebugEnabled()) {
+                logger.debug("Non-upgradable encoders in the encoding chain: "+Arrays.toString(unsafeEncoders.toArray())
+                        +". Only 1 non-upgradable encoder is allowed at the end of the chain: "+Arrays.toString(encodingChain.toArray()));
+            }
+
         }
         return false;
     }
@@ -128,6 +132,8 @@ public class CompositePasswordEncoder
         if (logger.isDebugEnabled()) {
             logger.debug("Preferred password encoding set to "+preferredEncoding);
         }
+        if (!encoders.containsKey(preferredEncoding)) throw new AlfrescoRuntimeException("Invalid preferredEncoding specified: "
+                +preferredEncoding+ ". Permissible encoders are "+encoders.keySet());
     }
 
     /**
diff --git a/source/java/org/alfresco/repo/security/authentication/UpgradePasswordHashWorker.java b/source/java/org/alfresco/repo/security/authentication/UpgradePasswordHashWorker.java
index 5b3cdfa800..9418d4e482 100644
--- a/source/java/org/alfresco/repo/security/authentication/UpgradePasswordHashWorker.java
+++ b/source/java/org/alfresco/repo/security/authentication/UpgradePasswordHashWorker.java
@@ -303,7 +303,8 @@ public class UpgradePasswordHashWorker implements ApplicationContextAware, Initi
             }
             else
             {
-                logger.warn("Unsafe to Double Hash user: " + username + "'. The user needs to login first.");
+                logger.warn("Unable to upgrade password hash for user '" + username
+                        + "', please ask them to login.");
                 return false;
             }
         }
@@ -494,7 +495,7 @@ public class UpgradePasswordHashWorker implements ApplicationContextAware, Initi
                 }
                 else if (logger.isTraceEnabled())
                 {
-                    logger.trace("User '" + username + "' has preferred encoding");
+                    logger.trace("Encoding for user '" + username + "' was not changed.");
                 }
             }
             catch (Exception e)
diff --git a/source/test-java/org/alfresco/repo/security/authentication/CompositePasswordEncoderTest.java b/source/test-java/org/alfresco/repo/security/authentication/CompositePasswordEncoderTest.java
index 2bc161e07a..8c9cc4afef 100644
--- a/source/test-java/org/alfresco/repo/security/authentication/CompositePasswordEncoderTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/CompositePasswordEncoderTest.java
@@ -318,9 +318,17 @@ public class CompositePasswordEncoderTest
 
         //No default preferred encoding
         subject.setPreferredEncoding("nice_encoding");
-        subject.init();
+        try
+        {
+            subject.init();
+        } catch (AlfrescoRuntimeException expected)
+        {
+            expected.getMessage().contains("Invalid preferredEncoding specified");
+        }
 
-        assertEquals("nice_encoding", subject.getPreferredEncoding());
+        subject.setPreferredEncoding("bcrypt12");
+        subject.init();
+        assertEquals("bcrypt12", subject.getPreferredEncoding());
     }
 
     @Test