diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 9f1b7cfa..0e4bb62c 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -268,6 +268,20 @@ function pwd_disable($hash) {
 }
 }

+/**
+ * Checks if a Unix password can be locked.
+ * This checks if the password is not plain text but e.g. contains {SSHA}.
+ *
+ * @param String $password password value
+ * @return boolean can be locked
+ */
+function pwd_is_lockable($password) {
+ if (($password == null) || (strlen($password) < 5)) {
+ return false;
+ }
+ return ((substr($password, 0, 1) == "{") || (substr($password, 1, 1) == "{")) && (strpos($password, "}") > 3);
+}
+
 /**
 * Checks if a password hash is enabled/disabled
 *
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index b115c987..c73720b0 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -2723,7 +2723,7 @@ class posixAccount extends baseModule implements passwordService {
 * This is the case if a hashed password is set ("{" at the beginning).
 */
 public function isLockable() {
- if (isset($this->attributes['userPassword'][0]) && ((substr($this->attributes['userPassword'][0], 0, 1) == "{") || (substr($this->attributes['userPassword'][0], 1, 1) == "{"))) {
+ if (isset($this->attributes['userPassword'][0]) && pwd_is_lockable($this->attributes['userPassword'][0])) {
 return true;
 }
 return false;
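Review bot: In `pwd_is_lockable()` (lam/lib/account.inc) the branch `substr($password, 1, 1) == "{"` accepts any first character, so a clear-text value such as the constructed `a{bcd}e` is reported as lockable. If the lock routine then leaves such a value unchanged (the body of `pwd_disable` is outside this hunk, so this is an assumption), the account stays usable although locking was offered for it. Consider limiting the optional leading character to the disable markers the lock/unlock helpers actually write, e.g. `return preg_match('/^[!*]?\{[^{}]+\}/', $password) === 1;`, once the marker set and the minimum scheme length are confirmed. An `is_string($password)` guard ahead of `strlen()` would also keep a non-string value from raising a TypeError on PHP 8.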
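Review bot: The docblock above `isLockable()` in lam/lib/modules/posixAccount.inc still describes the old rule (`"{"` at the beginning), while the check is now `pwd_is_lockable()`, which also requires at least five characters and a `}` after position 3. Suggest rewording that comment line to `This is the case if pwd_is_lockable() accepts the first userPassword value (hashed value with a {SCHEME} prefix).` so the two stay in step. The body could also collapse to `return isset($this->attributes['userPassword'][0]) && pwd_is_lockable($this->attributes['userPassword'][0]);`. Only index 0 of the attribute is inspected, so any further values are never checked; the docblock starts and the function ends outside this hunk.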