diff --git a/EVENTS.txt b/EVENTS.txt
index a8a77390f6..7be611c710 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -474,3 +474,8 @@ StartPublicXRDS: Start XRDS output (right after the opening XRDS tag)
 EndPublicXRDS: End XRDS output (right before the closing XRDS tag)
 - $action: the current action
 - &$xrdsoutputter - XRDSOutputter object to write to
+
+CheckPassword: Check a username/password
+- $nickname: The nickname to check
+- $password: The password to check
+- &$authenticated: set to true to indicate authentication succeeded.
diff --git a/lib/util.php b/lib/util.php
index bf7282858a..46aa7f9012 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -127,8 +127,17 @@ function common_check_user($nickname, $password)
     if (is_null($user) || $user === false) {
         return false;
     } else {
-        if (0 == strcmp(common_munge_password($password, $user->id),
-                        $user->password)) {
+        $authenticated = false;
+        Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
+        if(! $authenticated){
+            //no handler asserted the user, so check ourselves
+            if (0 == strcmp(common_munge_password($password, $user->id),
+                            $user->password)) {
+                //internal checking passed
+                $authenticated = true;
+            }
+        }
+        if($authenticated){
             return $user;
         } else {
             return false;