diff --git a/auth/providers/password.go b/auth/providers/password.go
index 49d4f5c..16755a5 100644
--- a/auth/providers/password.go
+++ b/auth/providers/password.go
@@ -25,14 +25,13 @@ type PasswordLogin struct {
 	DB passwordLoginDB
 }
 
-func (b *PasswordLogin) AccessState() process.State { return process.StateBase }
+func (p *PasswordLogin) AccessState() process.State { return process.StateBase }
 
-func (b *PasswordLogin) Name() string { return "password" }
+func (p *PasswordLogin) Name() string { return "password" }
 
-func (b *PasswordLogin) RenderTemplate(ctx authContext.TemplateContext) error {
+func (p *PasswordLogin) RenderTemplate(ctx authContext.TemplateContext) error {
 	// TODO(melon): rewrite this
 	req := ctx.Request()
-	un := req.FormValue("login")
 	redirect := req.FormValue("redirect")
 	if redirect == "" {
 		redirect = "/"
@@ -41,24 +40,24 @@ func (b *PasswordLogin) RenderTemplate(ctx authContext.TemplateContext) error {
 		UserEmail string
 		Redirect  string
 	}{
-		UserEmail: un,
+		UserEmail: ctx.LoginProcessData().Email,
 		Redirect:  redirect,
 	})
 	return nil
 }
 
-func (b *PasswordLogin) AttemptLogin(ctx authContext.FormContext) error {
+func (p *PasswordLogin) AttemptLogin(ctx authContext.FormContext) error {
 	req := ctx.Request()
-	un := req.FormValue("username")
+	un := req.FormValue("email")
 	pw := req.FormValue("password")
 	if len(pw) < 8 {
 		return auth.BasicUserSafeError(http.StatusBadRequest, "Password too short")
 	}
 
-	login, err := b.DB.CheckLogin(ctx.Context(), un, pw)
+	login, err := p.DB.CheckLogin(ctx.Context(), un, pw)
 	switch {
 	case err == nil:
-		user, err := b.DB.GetUser(ctx.Context(), login.Subject)
+		user, err := p.DB.GetUser(ctx.Context(), login.Subject)
 		if err != nil {
 			return err
 		}
diff --git a/database/queries/users.sql b/database/queries/users.sql
index 1cb5ebf..25e3687 100644
--- a/database/queries/users.sql
+++ b/database/queries/users.sql
@@ -9,7 +9,7 @@ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
 -- name: checkLogin :one
 SELECT subject, password, need_factor, email, email_verified
 FROM users
-WHERE users.subject = ?
+WHERE users.email = ?
 LIMIT 1;
 
 -- name: GetUser :one
diff --git a/database/users.sql.go b/database/users.sql.go
index 9f2f1d7..915b34d 100644
--- a/database/users.sql.go
+++ b/database/users.sql.go
@@ -219,7 +219,7 @@ func (q *Queries) changeUserPassword(ctx context.Context, arg changeUserPassword
 const checkLogin = `-- name: checkLogin :one
 SELECT subject, password, need_factor, email, email_verified
 FROM users
-WHERE users.subject = ?
+WHERE users.email = ?
 LIMIT 1
 `
 
@@ -231,8 +231,8 @@ type checkLoginRow struct {
 	EmailVerified bool                `json:"email_verified"`
 }
 
-func (q *Queries) checkLogin(ctx context.Context, subject string) (checkLoginRow, error) {
-	row := q.db.QueryRowContext(ctx, checkLogin, subject)
+func (q *Queries) checkLogin(ctx context.Context, email string) (checkLoginRow, error) {
+	row := q.db.QueryRowContext(ctx, checkLogin, email)
 	var i checkLoginRow
 	err := row.Scan(
 		&i.Subject,