diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
index 42dc2e01..a949de78 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/PasswordChange.java
@@ -32,23 +32,23 @@ public class PasswordChange implements Entity {
 
     @NotEmpty(message = "user:password:notNull")
     @JsonProperty(ATTR_NAME_PASSWORD)
-    private final String password;
+    private final CharSequence password;
 
     @NotEmpty(message = "user:newPassword:notNull")
     @Size(min = 8, max = 255, message = "user:newPassword:size:{min}:{max}:${validatedValue}")
     @JsonProperty(ATTR_NAME_NEW_PASSWORD)
-    private final String newPassword;
+    private final CharSequence newPassword;
 
     @NotEmpty(message = "user:confirmNewPassword:notNull")
     @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD)
-    private final String confirmNewPassword;
+    private final CharSequence confirmNewPassword;
 
     @JsonCreator
     public PasswordChange(
             @JsonProperty(USER.ATTR_UUID) final String userId,
-            @JsonProperty(ATTR_NAME_PASSWORD) final String password,
-            @JsonProperty(ATTR_NAME_NEW_PASSWORD) final String newPassword,
-            @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD) final String confirmNewPassword) {
+            @JsonProperty(ATTR_NAME_PASSWORD) final CharSequence password,
+            @JsonProperty(ATTR_NAME_NEW_PASSWORD) final CharSequence newPassword,
+            @JsonProperty(ATTR_NAME_CONFIRM_NEW_PASSWORD) final CharSequence confirmNewPassword) {
 
         this.userId = userId;
         this.password = password;
@@ -56,15 +56,15 @@ public class PasswordChange implements Entity {
         this.confirmNewPassword = confirmNewPassword;
     }
 
-    public String getPassword() {
+    public CharSequence getPassword() {
         return this.password;
     }
 
-    public String getNewPassword() {
+    public CharSequence getNewPassword() {
         return this.newPassword;
     }
 
-    public String getConfirmNewPassword() {
+    public CharSequence getConfirmNewPassword() {
         return this.confirmNewPassword;
     }
 
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
index 3194a66d..cc80acbe 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/ExamDAOImpl.java
@@ -187,7 +187,7 @@ public class ExamDAOImpl implements ExamDAO {
                 .map(examRecord -> {
                     if (BooleanUtils.isTrue(BooleanUtils.toBooleanObject(examRecord.getUpdating()))) {
                         if (!updateId.equals(examRecord.getLastupdate())) {
-                            throw new IllegalStateException("Exam is currently locked: " + examRecord);
+                            throw new IllegalStateException("Exam is currently locked: " + examRecord.getExternalId());
                         }
                     }
 
@@ -212,7 +212,7 @@ public class ExamDAOImpl implements ExamDAO {
             // check internal persistent write-lock
             final ExamRecord oldRecord = this.examRecordMapper.selectByPrimaryKey(exam.id);
             if (BooleanUtils.isTrue(BooleanUtils.toBooleanObject(oldRecord.getUpdating()))) {
-                throw new IllegalStateException("Exam is currently locked: " + exam);
+                throw new IllegalStateException("Exam is currently locked: " + exam.externalId);
             }
 
             final ExamRecord examRecord = new ExamRecord(
@@ -450,7 +450,8 @@ public class ExamDAOImpl implements ExamDAO {
 
             // consistency check
             if (BooleanUtils.isTrue(BooleanUtils.toBooleanObject(examRec.getUpdating()))) {
-                throw new IllegalStateException("Exam to end update is not in expected state: " + examRec);
+                throw new IllegalStateException(
+                        "Exam to end update is not in expected state: " + examRec.getExternalId());
             }
 
             final ExamRecord newRecord = new ExamRecord(
@@ -480,7 +481,8 @@ public class ExamDAOImpl implements ExamDAO {
             if (BooleanUtils.isFalse(BooleanUtils.toBooleanObject(examRec.getUpdating()))
                     || !updateId.equals(examRec.getLastupdate())) {
 
-                throw new IllegalStateException("Exam to end update is not in expected state: " + examRec);
+                throw new IllegalStateException(
+                        "Exam to end update is not in expected state: " + examRec.getExternalId());
             }
 
             final ExamRecord newRecord = new ExamRecord(
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigXMLParser.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigXMLParser.java
index 436aecc9..57ce32da 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigXMLParser.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigXMLParser.java
@@ -86,7 +86,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
     private static final Set<String> KNOWN_INLINE_TABLES = new HashSet<>(Arrays.asList(
             "arguments"));
 
-    public static final Set<String> PASSWORD_ATTRIBUTES = new HashSet<>(Arrays.asList(
+    public static final Set<String> SECRET_ATTRIBUTES = new HashSet<>(Arrays.asList(
             "hashedQuitPassword",
             "hashedAdminPassword"));
 
@@ -443,7 +443,7 @@ public class ExamConfigXMLParser extends DefaultHandler {
             return null;
         }
 
-        if (PASSWORD_ATTRIBUTES.contains(name)) {
+        if (SECRET_ATTRIBUTES.contains(name)) {
             // NOTE this is a special case, if a hashed password is imported it is not possible to view this password
             //      later in plain text to the administrator. Therefore this password hash is marked here as imported
             //      and internally encrypted as usual. So the password will be decrypted while viewing and is recognizable
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
index e372d66b..140c3ccb 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
@@ -111,7 +111,7 @@ public class StringConverter implements AttributeValueConverter {
             out.write(Utils.toByteArray(String.format(
                     template,
                     realName,
-                    convertPassword(realName, value))));
+                    convertSecret(realName, value))));
         } else {
             out.write(Utils.toByteArray(String.format(
                     emptyTemplate,
@@ -119,7 +119,7 @@ public class StringConverter implements AttributeValueConverter {
         }
     }
 
-    private CharSequence convertPassword(
+    private CharSequence convertSecret(
             final String attributeName,
             final String value) {
 
@@ -127,7 +127,7 @@ public class StringConverter implements AttributeValueConverter {
             return value;
         }
 
-        if (!ExamConfigXMLParser.PASSWORD_ATTRIBUTES.contains(attributeName)) {
+        if (!ExamConfigXMLParser.SECRET_ATTRIBUTES.contains(attributeName)) {
             return value;
         }