diff --git a/server/auth.go b/server/auth.go
index 724e2c74..0ab0e4cf 100644
--- a/server/auth.go
+++ b/server/auth.go
@@ -20,6 +20,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net"
+	"regexp"
 	"strings"
 	"time"
 
@@ -736,11 +737,11 @@ func (s *Server) isLeafNodeAuthorized(c *client) bool {
 }
 
 // Support for bcrypt stored passwords and tokens.
-const bcryptPrefix = "$2a$"
+var validBcryptPrefix = regexp.MustCompile(`^\$2[a,b,x,y]{1}\$\d{2}\$.*`)
 
 // isBcrypt checks whether the given password or token is bcrypted.
 func isBcrypt(password string) bool {
-	return strings.HasPrefix(password, bcryptPrefix)
+	return validBcryptPrefix.MatchString(password)
 }
 
 func comparePasswords(serverPassword, clientPassword string) bool {
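Review bot: The character class in `validBcryptPrefix` is `[a,b,x,y]`, so the literal comma is also accepted as a bcrypt variant and a stored value such as `$2,$10$…` would be routed into the bcrypt comparison path by isBcrypt; since this predicate decides whether comparePasswords treats the configured secret as a hash or as plaintext, the variant set should be exact. The `{1}` quantifier and the trailing `.*` add nothing for MatchString, so the pattern can be reduced to ``var validBcryptPrefix = regexp.MustCompile(`^\$2[abxy]\$\d{2}\$`)``. The removed `bcryptPrefix` constant may still be referenced elsewhere in the package; that cannot be confirmed from this hunk. The body of comparePasswords continues outside the hunk.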