diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
index a2d14d36..0143edbc 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
@@ -72,7 +72,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 
 		if (requestURI.endsWith(PASSWORD_ACTION)) {
 			user = new User();
-			user.setIdentifier(request.getParameter(EMAIL));
+			user.setIdentifier(StringUtils.toRootLowerCase(request.getParameter(EMAIL)));
 			user.setPassword(request.getParameter(PASSWORD));
 			String appid = SecurityUtils.getAppidFromAuthRequest(request);
 			if (!App.isRoot(appid)) {
@@ -107,7 +107,7 @@ public UserAuthentication getOrCreateUser(App app, String accessToken) {
 		User user = new User();
 		if (accessToken != null && accessToken.contains(Para.getConfig().separator())) {
 			String[] parts = accessToken.split(Para.getConfig().separator(), 3);
-			String email = parts[0];
+			String email = StringUtils.toRootLowerCase(parts[0]);
 			String name = StringUtils.trimToEmpty(parts[1]);
 			String pass = (parts.length > 2) ? parts[2] : "";