diff --git a/lib/puppet/provider/user/pw.rb b/lib/puppet/provider/user/pw.rb
index a5988ca..f88351e 100644
--- a/lib/puppet/provider/user/pw.rb
+++ b/lib/puppet/provider/user/pw.rb
@@ -1,10 +1,11 @@
 require 'puppet/provider/nameservice/pw'
+require 'open3'
 
 Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::PW do
   desc "User management via `pw` on FreeBSD."
 
   commands :pw => "pw"
-  has_features :manages_homedir, :allows_duplicates
+  has_features :manages_homedir, :allows_duplicates, :manages_passwords
 
   defaultfor :operatingsystem => :freebsd
 
@@ -37,5 +38,28 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
 
     cmd
   end
+
+  # use pw to update password hash
+  def password=(cryptopw)
+    Puppet.debug "change password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
+    stdin, stdout, stderr = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
+    stdin.puts(cryptopw)
+    stdin.close
+    Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
+  end
+
+  # get password from /etc/master.passwd
+  def password
+    Puppet.debug "checking password for user '#{@resource[:name]}' method called"
+    current_password = nil
+    cmd = "grep '^#{@resource[:name]}:' /etc/master.passwd"
+    current_passline = `#{cmd}`
+    if current_passline
+      current_password = current_passline.chomp.split(':')[1]
+    end
+    Puppet.debug "finished password for user '#{@resource[:name]}' method called : '#{current_password}'"
+    current_password
+  end
+
 end