diff --git a/module/VuFind/src/VuFind/Auth/AbstractBase.php b/module/VuFind/src/VuFind/Auth/AbstractBase.php
index 828b9b5cc4e2bf3ef4597f7a02de57677708db61..22471d119dcdb02a4f772cb1a813435e34e2d8b0 100644
--- a/module/VuFind/src/VuFind/Auth/AbstractBase.php
+++ b/module/VuFind/src/VuFind/Auth/AbstractBase.php
@@ -27,7 +27,7 @@
  * @link     http://www.vufind.org  Main Page
  */
 namespace VuFind\Auth;
-use VuFind\Exception\Auth as AuthException;
+use VuFind\Db\Row\User, VuFind\Exception\Auth as AuthException;
 
 /**
  * Abstract authentication base class
@@ -112,10 +112,31 @@ abstract class AbstractBase implements \VuFind\Db\Table\DbTableAwareInterface
      * account credentials.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User Object representing logged-in user.
+     * @return User Object representing logged-in user.
      */
     abstract public function authenticate($request);
 
+    /**
+     * Validate the credentials in the provided request, but do not change the state
+     * of the current logged-in user. Return true for valid credentials, false
+     * otherwise.
+     *
+     * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
+     * account credentials.
+     *
+     * @throws AuthException
+     * @return bool
+     */
+    public function validateCredentials($request)
+    {
+        try {
+            $user = $this->authenticate($request);
+        } catch (AuthException $e) {
+            return false;
+        }
+        return isset($user) && $user instanceof User;
+    }
+
     /**
      * Has the user's login expired?
      *
@@ -134,7 +155,7 @@ abstract class AbstractBase implements \VuFind\Db\Table\DbTableAwareInterface
      * new account details.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User New user row.
+     * @return User New user row.
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function create($request)
@@ -151,7 +172,7 @@ abstract class AbstractBase implements \VuFind\Db\Table\DbTableAwareInterface
      * new account details.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User New user row.
+     * @return User New user row.
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function updatePassword($request)
diff --git a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
index da179177f1ff5c8bedfd80fc2d4b5685426d113e..e2517cb45a3cbb8f46c2976c8d93ed58f0c2f042 100644
--- a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
+++ b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
@@ -26,7 +26,7 @@
  * @link     http://vufind.org/wiki/vufind2:authentication_handlers Wiki
  */
 namespace VuFind\Auth;
-use VuFind\Exception\Auth as AuthException;
+use VuFind\Db\Row\User, VuFind\Exception\Auth as AuthException;
 use Zend\Http\PhpEnvironment\Request;
 
 /**
@@ -126,7 +126,7 @@ class ChoiceAuth extends AbstractBase
      * @param Request $request Request object containing account credentials.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User Object representing logged-in user.
+     * @return User Object representing logged-in user.
      */
     public function authenticate($request)
     {
@@ -139,7 +139,7 @@ class ChoiceAuth extends AbstractBase
      * @param Request $request Request object containing new account details.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User New user row.
+     * @return User New user row.
      */
     public function create($request)
     {
@@ -244,7 +244,7 @@ class ChoiceAuth extends AbstractBase
      * @param Request $request Request object containing password change details.
      *
      * @throws AuthException
-     * @return \VuFind\Db\Row\User New user row.
+     * @return User New user row.
      */
     public function updatePassword($request)
     {
@@ -333,4 +333,28 @@ class ChoiceAuth extends AbstractBase
             }
         }
     }
+
+    /**
+     * Validate the credentials in the provided request, but do not change the state
+     * of the current logged-in user. Return true for valid credentials, false
+     * otherwise.
+     *
+     * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
+     * account credentials.
+     *
+     * @throws AuthException
+     * @return bool
+     */
+    public function validateCredentials($request)
+    {
+        try {
+            // In this instance we are checking credentials but do not wish to
+            // change the state of the current object. Thus, we use proxyAuthMethod()
+            // here instead of proxyUserLoad().
+            $user = $this->proxyAuthMethod('authenticate', func_get_args());
+        } catch (AuthException $e) {
+            return false;
+        }
+        return isset($user) && $user instanceof User;
+    }
 }
diff --git a/module/VuFind/src/VuFind/Auth/Manager.php b/module/VuFind/src/VuFind/Auth/Manager.php
index 8117f579df92c77a35336d9d34cbb74530279892..ad4e7112dd39954175b4f4d2a9318b367922274e 100644
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -502,4 +502,19 @@ class Manager
             );
         }
     }
+    /**
+     * Validate the credentials in the provided request, but do not change the state
+     * of the current logged-in user. Return true for valid credentials, false
+     * otherwise.
+     *
+     * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
+     * account credentials.
+     *
+     * @throws AuthException
+     * @return bool
+     */
+    public function validateCredentials($request)
+    {
+        return $this->getAuth()->validateCredentials($request);
+    }
 }
diff --git a/module/VuFind/src/VuFind/Controller/MyResearchController.php b/module/VuFind/src/VuFind/Controller/MyResearchController.php
index dbf51132e209837f9e6f2ddac29243e4b7ed7461..f71351de5d2c98430946546b1ac12a6428ad43ad 100644
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -1291,18 +1291,15 @@ class MyResearchController extends AbstractBase
         // Verify old password if we're logged in
         if ($this->getUser()) {
             if (isset($post->oldpwd)) {
-                try {
-                    // Reassign oldpwd to password in the request so login works
-                    $temp_password = $post->password;
-                    $post->password = $post->oldpwd;
-                    $this->getAuthManager()->login($request);
-                    $post->password = $temp_password;
-                } catch(AuthException $e) {
-                    $this->flashMessenger()->setNamespace('error')
-                        ->addMessage($e->getMessage());
-                    return $view;
-                }
+                // Reassign oldpwd to password in the request so login works
+                $tempPassword = $post->password;
+                $post->password = $post->oldpwd;
+                $valid = $this->getAuthManager()->validateCredentials($request);
+                $post->password = $tempPassword;
             } else {
+                $valid = false;
+            }
+            if (!$valid) {
                 $this->flashMessenger()->setNamespace('error')
                     ->addMessage('authentication_error_invalid');
                 $view->verifyold = true;