diff --git a/app/templates/server/api/user(auth)/user.controller.js b/app/templates/server/api/user(auth)/user.controller.js
index ad30b5b3b..732b0b372 100644
--- a/app/templates/server/api/user(auth)/user.controller.js
+++ b/app/templates/server/api/user(auth)/user.controller.js
@@ -32,7 +32,7 @@ function respondWith(res, statusCode) {
  * restriction: 'admin'
  */
 exports.index = function(req, res) {
-  <% if (filters.mongooseModels) { %>User.findAsync({}, '-salt -hashedPassword')<% }
+  <% if (filters.mongooseModels) { %>User.findAsync({}, '-salt')<% }
      if (filters.sequelizeModels) { %>User.findAll({
     attributes: [
       '_id',
@@ -141,7 +141,7 @@ exports.changePassword = function(req, res, next) {
 exports.me = function(req, res, next) {
   var userId = req.user._id;
 
-  <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId }, '-salt -hashedPassword')<% }
+  <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId }, '-salt')<% }
      if (filters.sequelizeModels) { %>User.find({
     where: {
       _id: userId