diff --git a/collects/handin-server/doc.txt b/collects/handin-server/doc.txt
index 53086332e9..e968aa2cc1 100644
--- a/collects/handin-server/doc.txt
+++ b/collects/handin-server/doc.txt
@@ -313,12 +313,12 @@ sub-directories:
     matches your 'extra-fields specification.  For example, given this
     system file:
 
-      foo:wRzN1u5q2SqRD:1203:1203:Foo Moo:/home/foo:/bin/tcsh
+      foo:wRzN1u5q2SqRD:1203:1203:L.E. Foo:/home/foo:/bin/tcsh
       bar:$1$dKlU0OkJ$t63NU/eTzKz:1205:1205:Bar Z. Lie:/home/bar:/bin/bash
 
-    you can create a "users.ss" file as
+    you can create this "users.ss" file:
 
-      ((foo ((unix "wRzN1u5q2SqRD") "Foo Moo" "?"))
+      ((foo ((unix "wRzN1u5q2SqRD") "L.E. Foo" "?"))
        (bar ((unix "$1$dKlU0OkJ$t63NU/eTzKz") "Bar Z. Lie" "?")))
 
     which can be combined with this setting for 'extra-fields in your
@@ -333,6 +333,10 @@ sub-directories:
     and password, and use the "Manage ..." dialog to properly set
     their TA name.
 
+    Finally, a password value can be a list that begins with a
+    'plaintext symbol, which will be used without encryption.  This
+    may be useful for manually resetting a forgotten passwords.
+
   * "active/" --- sub-directory for active assignments. A list of
     active assignments is sent to a client tool when a student clicks
     "Handin", based on the contents of this directory. The student
diff --git a/collects/handin-server/handin-server.ss b/collects/handin-server/handin-server.ss
index 293ae59f76..0543bfe076 100644
--- a/collects/handin-server/handin-server.ss
+++ b/collects/handin-server/handin-server.ss
@@ -459,16 +459,21 @@
           (lambda () (bytes->string/utf-8 (c passwd salt)))))))
   (define (has-password? raw md5 passwords)
     (define (good? passwd)
+      (define (bad-password msg)
+        (LOG "ERROR: ~a -- ~s" log-args passwd)
+        (error 'handin "bad password in user database"))
       (cond [(string? passwd) (equal? md5 passwd)]
             [(and (list? passwd) (= 2 (length passwd))
-                  (eq? 'unix (car passwd)) (string? (cadr passwd))
-                  ;; find the salt part
-                  (regexp-match #rx"^([$][^$]+[$][^$]+[$]|..)" (cadr passwd)))
-             => (lambda (m)
-                  (equal? (crypt raw (car m)) (cadr passwd)))]
-            [else (LOG "ERROR: bad password in user database: ~s" passwd)
-                  ;; do not show the bad password...
-                  (error 'handin "bad password in user database")]))
+                  (symbol? (car passwd)) (string? (cadr passwd)))
+             (case (car passwd)
+               [(plaintext) (equal? raw (cadr passwd))]
+               [(unix)
+                (let ([salt (regexp-match #rx"^([$][^$]+[$][^$]+[$]|..)"
+                                          (cadr passwd))])
+                  (unless salt (bad-password "badly formatted unix password"))
+                  (equal? (crypt raw (car salt)) (cadr passwd)))]
+               [else (bad-password "bad password type in user database")])]
+            [else (bad-password "bad password value in user database")]))
     (or (member md5 passwords) ; very cheap search first
         (ormap good? passwords)))