diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 6b41328ef84..a92673768bc 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -848,7 +848,7 @@ class Adherent extends CommonObject
 if (!$error && $this->pass) {
 dol_syslog(get_class($this)."::update update password");
 if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted) {
- $isencrypted = !getDolGlobalString('DATABASE_PWD_ENCRYPTED') ? 0 : 1;
+ $isencrypted = getDolGlobalString('DATABASE_PWD_ENCRYPTED') ? 1 : 0;
 // If password to set differs from the one found into database
 $result = $this->setPassword($user, $this->pass, $isencrypted, $notrigger, $nosyncuserpass);
diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index de1ef515b1d..d4539dabb34 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -39,7 +39,7 @@ if (!$user->admin) {
 }
 // Allow/Disallow change to clear passwords once passwords are encrypted
-$allow_disable_encryption = true;
+$allow_disable_encryption = false;
 /*
@@ -102,8 +102,7 @@ if ($action == 'activate_encrypt') {
 dol_print_error($db, '');
 }
 } elseif ($action == 'disable_encrypt') {
- //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
- //Do not allow "disable encryption" as passwords cannot be decrypted
+ // By default, $allow_disable_encryption is false we do not allow to disable encryption because passwords can't be decoded once encrypted.
 if ($allow_disable_encryption) {
 dolibarr_del_const($db, "DATABASE_PWD_ENCRYPTED", $conf->entity);
 }
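Review bot: The guard directly above the changed assignment, `if ($this->pass != $this->pass_indatabase && $this->pass != $this->pass_indatabase_crypted)`, compares password material with loose `!=`. When both operands are numeric-looking strings PHP compares them as numbers, so two different values can be treated as equal and the `setPassword()` call would be skipped without any error. Since this commit already touches the block, I would switch both comparisons to `!==`, assuming these properties only ever hold strings or null (their declarations are not visible here). The enclosing update method starts and ends outside the hunk.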
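Review bot: In the `@@ -39,7 +39,7 @@` hunk of security.php, `$allow_disable_encryption = false;` makes the "cannot go back to clear passwords" policy a hard-coded page-local flag, and the existing one-line comment does not say what the flag protects or how far it reaches. It only guards the `disable_encrypt` handler and link in this file; any other code path able to remove the `DATABASE_PWD_ENCRYPTED` constant (none is visible in this diff) would not be covered. I would document that on the assignment, e.g. `// Security: keep false. Guards only this page's disable_encrypt action; other writers of DATABASE_PWD_ENCRYPTED are not restricted by this flag.`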
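Review bot: In the `@@ -102,8 +102,7 @@` hunk, a `disable_encrypt` request now falls through `if ($allow_disable_encryption)` and is dropped silently, so an attempt to turn password encryption off leaves no trace for whoever reviews the logs. I would add an else branch that records the refusal, for example `} else { dol_syslog("admin/security.php: disable_encrypt refused, password encryption cannot be disabled", LOG_WARNING); }`. The new comment is also a run-on sentence; something like `// $allow_disable_encryption is false by default: encryption cannot be disabled because passwords can't be decoded once encrypted.` reads more clearly. The `if`/`elseif` action chain starts before and continues after this hunk.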
@@ -411,17 +410,14 @@ if (!getDolGlobalString('DATABASE_PWD_ENCRYPTED')) {
 print '';
 print ''.$langs->trans("Activate").'';
 print "";
-}
-
-// Database conf file encryption
-if (getDolGlobalString('DATABASE_PWD_ENCRYPTED')) {
+} else {
 print '';
 if ($allow_disable_encryption) {
 //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
 //Do not allow "disable encryption" as passwords cannot be decrypted
 print ''.$langs->trans("Disable").'';
 } else {
- print '-';
+ print ''.$langs->trans("Always").'';
 }
 print "";
 }
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 17cffe3cc60..0a110612f4c 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -250,7 +250,7 @@ Required=Required
 UsedOnlyWithTypeOption=Used by some agenda option only
 Security=Security
 Passwords=Passwords
-DoNotStoreClearPassword=Encrypt passwords stored in database (NOT as plain-text). It is strongly recommended to activate this option.
+DoNotStoreClearPassword=Encrypt passwords stored in database.
 MainDbPasswordFileConfEncrypted=Encrypt database password stored in conf.php. It is strongly recommended to activate this option.
 InstrucToEncodePass=To have password encoded into the conf.php file, replace the line
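Review bot: In the `@@ -411,17 +410,14 @@` hunk of security.php, the two comments `//On n'autorise pas l'annulation…` and `//Do not allow "disable encryption"…` still sit inside the `if ($allow_disable_encryption)` branch that prints the Disable link, so they state the opposite of what that branch does. The same pair was removed from the action handler in this commit but left here. I would delete them from the true branch and put one English comment on the `else` side, e.g. `// Disabling is not offered: passwords cannot be decoded once encrypted.` The "Always" translation key is not added to admin.lang in this diff, so it presumably comes from another language file; worth confirming so the cell does not show the raw key.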
$dolibarr_main_db_pass="...";
by
$dolibarr_main_db_pass="crypted:%s"; InstrucToClearPass=To have password decoded (clear) into the conf.php file, replace the line
$dolibarr_main_db_pass="crypted:...";
by
$dolibarr_main_db_pass="%s";