diff --git a/api/routes/user.js b/api/routes/user.js
index 67f5ef6eb..9a12e25f7 100644
--- a/api/routes/user.js
+++ b/api/routes/user.js
@@ -153,12 +153,6 @@ function authenticate(req, res, next) {
                 email: result.email
             };
 
-            // attach the password in case it was sent via auth headers
-            var auth = extractCredentialsFromHeaders(req);
-            if (auth && auth.username === result.username) {
-                req.user.password = auth.password;
-            }
-
             next();
         });
     }