diff --git a/model/AdminpasswordHandler.php b/model/AdminpasswordHandler.php
index 7d071aa9..f81ccaf0 100644
--- a/model/AdminpasswordHandler.php
+++ b/model/AdminpasswordHandler.php
@@ -80,7 +80,7 @@ class AdminpasswordHandler extends PFAHandler {
      * check if old password is correct
      */
     protected function _validate_oldpass($field, $val) {
-        $l = new Login('admin', 'username');
+        $l = new Login('admin');
         if ($l->login($this->id, $val)) {
             return true;
         }
diff --git a/model/Login.php b/model/Login.php
index f6a850ce..5bf1679b 100644
--- a/model/Login.php
+++ b/model/Login.php
@@ -3,11 +3,14 @@
 
 class Login {
     private $table;
-    private $id_field;
 
-    public function __construct(string $tableName, string $idField) {
+    public function __construct(string $tableName) {
+        $ok = ['mailbox', 'admin'];
+
+        if(!in_array($tableName, $ok)) {
+            throw new \InvalidArgumentException("Unsupported tableName for login: " . $tableName);
+        }
         $this->table = table_by_key($tableName);
-        $this->id_field = $idField;
     }
 
     /**
@@ -19,7 +22,7 @@ class Login {
      */
     public function login($username, $password): bool {
         $active = db_get_boolean(true);
-        $query = "SELECT password FROM {$this->table} WHERE {$this->id_field} = :username AND active = :active";
+        $query = "SELECT password FROM {$this->table} WHERE username = :username AND active = :active";
 
         $values = array('username' => $username, 'active' => $active);
 
@@ -45,7 +48,7 @@ class Login {
      * @throws Exception
      */
     public function generatePasswordRecoveryCode(string $username) {
-        $sql = "SELECT count(1) FROM {$this->table} WHERE {$this->id_field} = :username AND active = :active";
+        $sql = "SELECT count(1) FROM {$this->table} WHERE username = :username AND active = :active";
 
         $active = db_get_boolean(true);
 
@@ -58,7 +61,7 @@ class Login {
 
         if ($result) {
             $token = generate_password();
-            $updatedRows = db_update($this->table, $this->id_field, $username, array(
+            $updatedRows = db_update($this->table, 'username', $username, array(
                 'token' => pacrypt($token),
                 'token_validity' => date("Y-m-d H:i:s", strtotime('+ 1 hour')),
             ));
@@ -85,9 +88,7 @@ class Login {
     public function changePassword($username, $new_password, $old_password): bool {
         list(/*NULL*/, $domain) = explode('@', $username);
 
-        $login = new Login($this->table, $this->id_field);
-
-        if (!$login->login($username, $old_password)) {
+        if (!$this->login($username, $old_password)) {
             throw new \Exception(Config::Lang('pPassword_password_current_text_error'));
         }
 
diff --git a/public/login.php b/public/login.php
index 501156e8..8ea06792 100644
--- a/public/login.php
+++ b/public/login.php
@@ -56,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 
     $h = new AdminHandler();
 
-    $login = new Login('admin', $h->getId_field());
+    $login = new Login('admin');
     if ($login->login($fUsername, $fPassword)) {
         init_session($fUsername, true);
 
diff --git a/public/users/login.php b/public/users/login.php
index c652c17f..f5019c7a 100644
--- a/public/users/login.php
+++ b/public/users/login.php
@@ -46,9 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
       # (language preference cookie is processed even if username and/or password are invalid)
     }
 
-    $h = new MailboxHandler();
-
-    $login = new Login('mailbox', 'username');
+    $login = new Login('mailbox');
     ;
     if ($login->login($fUsername, $fPassword)) {
         init_session($fUsername, false);
diff --git a/public/users/password-recover.php b/public/users/password-recover.php
index fc2ae556..1326a872 100644
--- a/public/users/password-recover.php
+++ b/public/users/password-recover.php
@@ -70,12 +70,10 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") {
     $tUsername = escape_string($username);
 
     $table = $context === 'admin' ? 'admin' : 'mailbox';
-    $login = new Login($table, 'username');
+    $login = new Login($table);
 
     $token = $login->generatePasswordRecoveryCode($tUsername);
 
-    $handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
-    
     if ($token !== false) {
         $table = table_by_key($context === 'users' ? 'mailbox' : 'admin');
         $row = db_query_one("SELECT * FROM $table WHERE username= :username", array('username' => $username));
diff --git a/public/users/password.php b/public/users/password.php
index 4cf27032..e7e06066 100644
--- a/public/users/password.php
+++ b/public/users/password.php
@@ -57,9 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
         $error += 1;
     }
 
-    $mh = new MailboxHandler();
-
-    $login = new Login('mailbox', 'username');
+    $login = new Login('mailbox');
 
     if (!$login->login($username, $fPassword_current)) {
         $error += 1;
diff --git a/public/xmlrpc.php b/public/xmlrpc.php
index 5e0d47ad..cd397e09 100644
--- a/public/xmlrpc.php
+++ b/public/xmlrpc.php
@@ -45,8 +45,7 @@ $server = new Zend_XmlRpc_Server();
  * @return boolean true on success, else false.
  */
 function login($username, $password) {
-    $h = new MailboxHandler();
-    $login = new Login('mailbox', 'username');
+    $login = new Login('mailbox');
     if ($login->login($username, $password)) {
         session_regenerate_id();
         $_SESSION['authenticated'] = true;
@@ -86,7 +85,7 @@ class UserProxy {
             return false; // user doesn't exist.
         }
 
-        $login = new Login('mailbox', 'username');
+        $login = new Login('mailbox');
 
         try {
             return $login->changePassword($username, $new_password, $old_password);
@@ -101,7 +100,7 @@ class UserProxy {
      * @return boolean true if successful.
      */
     public function login($username, $password) {
-        $login = new Login('mailbox', 'username');
+        $login = new Login('mailbox');
         return $login->login($username, $password);
     }
 }
diff --git a/tests/LoginTest.php b/tests/LoginTest.php
index bcb8845c..985c5655 100644
--- a/tests/LoginTest.php
+++ b/tests/LoginTest.php
@@ -32,7 +32,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
     }
 
     public function testInvalidUsers() {
-        $login = new Login('mailbox', 'username');
+        $login = new Login('mailbox');
 
         $this->assertFalse($login->login('test', 'password'));
         $this->assertFalse($login->login('test', ''));
@@ -41,7 +41,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
 
 
     public function testValidLogin() {
-        $login = new Login('mailbox', 'username');
+        $login = new Login('mailbox');
 
         $this->assertFalse($login->login('test', 'password'));
         $this->assertFalse($login->login('test', 'foobar'));
@@ -49,7 +49,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
     }
 
     public function testPasswordRecovery() {
-        $login = new Login('mailbox', 'username');
+        $login = new Login('mailbox');
         $this->assertFalse($login->generatePasswordRecoveryCode(''));
         $this->assertFalse($login->generatePasswordRecoveryCode('doesnotexist'));
         $this->assertNotEmpty($login->generatePasswordRecoveryCode('test@example.com'));