diff --git a/src/gpasswd.c b/src/gpasswd.c
index 5983f787..b372de47 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -887,24 +887,24 @@ static void change_passwd (struct group *gr)
 	printf (_("Changing the password for group %s\n"), group);
 
 	for (retries = 0; retries < RETRIES; retries++) {
-		cp = getpass (_("New Password: "));
+		cp = agetpass (_("New Password: "));
 		if (NULL == cp) {
 			exit (1);
 		}
 
 		STRFCPY (pass, cp);
-		strzero (cp);
-		cp = getpass (_("Re-enter new password: "));
+		erase_pass (cp);
+		cp = agetpass (_("Re-enter new password: "));
 		if (NULL == cp) {
 			exit (1);
 		}
 
 		if (strcmp (pass, cp) == 0) {
-			strzero (cp);
+			erase_pass (cp);
 			break;
 		}
 
-		strzero (cp);
+		erase_pass (cp);
 		memzero (pass, sizeof pass);
 
 		if (retries + 1 < RETRIES) {
diff --git a/src/newgrp.c b/src/newgrp.c
index 99820832..966c25dd 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -158,7 +158,7 @@ static void check_perms (const struct group *grp,
 		 * get the password from her, and set the salt for
 		 * the decryption from the group file.
 		 */
-		cp = getpass (_("Password: "));
+		cp = agetpass (_("Password: "));
 		if (NULL == cp) {
 			goto failure;
 		}
@@ -169,7 +169,7 @@ static void check_perms (const struct group *grp,
 		 * must match the previously encrypted value in the file.
 		 */
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
-		strzero (cp);
+		erase_pass (cp);
 
 		if (NULL == cpasswd) {
 			fprintf (stderr,
diff --git a/src/passwd.c b/src/passwd.c
index 8c6f81a9..c729a14a 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -186,7 +186,7 @@ static int new_password (const struct passwd *pw)
 	char *clear;		/* Pointer to clear text */
 	char *cipher;		/* Pointer to cipher text */
 	const char *salt;	/* Pointer to new salt */
-	char *cp;		/* Pointer to getpass() response */
+	char *cp;		/* Pointer to agetpass() response */
 	char orig[200];		/* Original password */
 	char pass[200];		/* New password */
 	int i;			/* Counter for retries */
@@ -204,7 +204,7 @@ static int new_password (const struct passwd *pw)
 	 */
 
 	if (!amroot && ('\0' != crypt_passwd[0])) {
-		clear = getpass (_("Old password: "));
+		clear = agetpass (_("Old password: "));
 		if (NULL == clear) {
 			return -1;
 		}
@@ -212,7 +212,7 @@ static int new_password (const struct passwd *pw)
 		cipher = pw_encrypt (clear, crypt_passwd);
 
 		if (NULL == cipher) {
-			strzero (clear);
+			erase_pass (clear);
 			fprintf (stderr,
 			         _("%s: failed to crypt password with previous salt: %s\n"),
 			         Prog, strerror (errno));
@@ -223,7 +223,7 @@ static int new_password (const struct passwd *pw)
 		}
 
 		if (strcmp (cipher, crypt_passwd) != 0) {
-			strzero (clear);
+			erase_pass (clear);
 			strzero (cipher);
 			SYSLOG ((LOG_WARN, "incorrect password for %s",
 			         pw->pw_name));
@@ -234,7 +234,7 @@ static int new_password (const struct passwd *pw)
 			return -1;
 		}
 		STRFCPY (orig, clear);
-		strzero (clear);
+		erase_pass (clear);
 		strzero (cipher);
 	} else {
 		orig[0] = '\0';
@@ -286,7 +286,7 @@ static int new_password (const struct passwd *pw)
 
 	warned = false;
 	for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
-		cp = getpass (_("New password: "));
+		cp = agetpass (_("New password: "));
 		if (NULL == cp) {
 			memzero (orig, sizeof orig);
 			memzero (pass, sizeof pass);
@@ -296,7 +296,7 @@ static int new_password (const struct passwd *pw)
 			warned = false;
 		}
 		STRFCPY (pass, cp);
-		strzero (cp);
+		erase_pass (cp);
 
 		if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
 			(void) puts (_("Try again."));
@@ -314,16 +314,17 @@ static int new_password (const struct passwd *pw)
 			warned = true;
 			continue;
 		}
-		cp = getpass (_("Re-enter new password: "));
+		cp = agetpass (_("Re-enter new password: "));
 		if (NULL == cp) {
 			memzero (orig, sizeof orig);
 			memzero (pass, sizeof pass);
 			return -1;
 		}
 		if (strcmp (cp, pass) != 0) {
+			erase_pass (cp);
 			(void) fputs (_("They don't match; try again.\n"), stderr);
 		} else {
-			strzero (cp);
+			erase_pass (cp);
 			break;
 		}
 	}
diff --git a/src/sulogin.c b/src/sulogin.c
index 9bad438e..65b74da4 100644
--- a/src/sulogin.c
+++ b/src/sulogin.c
@@ -182,7 +182,7 @@ static void catch_signals (unused int sig)
 		 */
 
 		/* get a password for root */
-		cp = getpass (_(
+		cp = agetpass (_(
 "\n"
 "Type control-d to proceed with normal startup,\n"
 "(or give root password for system maintenance):"));
@@ -193,6 +193,7 @@ static void catch_signals (unused int sig)
 		 * --marekm
 		 */
 		if ((NULL == cp) || ('\0' == *cp)) {
+			erase_pass (cp);
 #ifdef	USE_SYSLOG
 			SYSLOG (LOG_INFO, "Normal startup\n");
 			closelog ();
@@ -204,7 +205,8 @@ static void catch_signals (unused int sig)
 			exit (0);
 		}
 		STRFCPY (pass, cp);
-		strzero (cp);
+		erase_pass (cp);
+
 		if (valid (pass, &pwent)) {	/* check encrypted passwords ... */
 			break;	/* ... encrypted passwords matched */
 		}