diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index be120b2a1..4f8f69a1b 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -438,7 +438,7 @@ define([
                     optsGet.password = password;
                 }), href);
             }
-            if (parsed2.hashData && parsed2.hashData.password) {
+            if (parsed2.hashData && parsed2.hashData.password && !optsPut.password) {
                 common.getPadAttribute('password', waitFor(function (err, password) {
                     optsPut.password = password;
                 }));
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index 7c14a86a6..0fb4a7e39 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@@ -766,10 +766,11 @@ define([
                         // Pass rtConfig to useTemplate because Cryptput will create the file and
                         // we need to have the owners and expiration time in the first line on the
                         // server
+                        var cryptputCfg = $.extend(true, {}, rtConfig, {password: password});
                         Cryptpad.useTemplate(data.template, Cryptget, function () {
                             startRealtime();
                             cb();
-                        }, rtConfig);
+                        }, cryptputCfg);
                         return;
                     }
                     // Start realtime outside the iframe and callback