diff --git a/common/models/user.js b/common/models/user.js
index 69d94710..434afcd0 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -863,10 +863,10 @@ module.exports = function(User) {
     next();
   });
 
-  // Delete old sessions once email is updated
-  User.observe('before save', function beforeEmailUpdate(ctx, next) {
+  User.observe('before save', function prepareForTokenInvalidation(ctx, next) {
     if (ctx.isNewInstance) return next();
     if (!ctx.where && !ctx.instance) return next();
+
     var pkName = ctx.Model.definition.idName() || 'id';
     var where = ctx.where;
     if (!where) {
@@ -874,23 +874,13 @@ module.exports = function(User) {
       where[pkName] = ctx.instance[pkName];
     }
 
-    var isPartialUpdateChangingPassword = ctx.data && 'password' in ctx.data;
-
-    // Full replace of User instance => assume password change.
-    // HashPassword returns a different value for each invocation,
-    // therefore we cannot tell whether ctx.instance.password is the same
-    // or not.
-    var isFullReplaceChangingPassword = !!ctx.instance;
-
-    ctx.hookState.isPasswordChange = isPartialUpdateChangingPassword ||
-      isFullReplaceChangingPassword;
-
     ctx.Model.find({where: where}, function(err, userInstances) {
       if (err) return next(err);
       ctx.hookState.originalUserData = userInstances.map(function(u) {
         var user = {};
         user[pkName] = u[pkName];
-        user['email'] = u['email'];
+        user.email = u.email;
+        user.password = u.password;
         return user;
       });
       var emailChanged;
@@ -912,18 +902,19 @@ module.exports = function(User) {
     });
   });
 
-  User.observe('after save', function afterEmailUpdate(ctx, next) {
+  User.observe('after save', function invalidateOtherTokens(ctx, next) {
     if (!ctx.instance && !ctx.data) return next();
     if (!ctx.hookState.originalUserData) return next();
 
     var pkName = ctx.Model.definition.idName() || 'id';
     var newEmail = (ctx.instance || ctx.data).email;
-    var isPasswordChange = ctx.hookState.isPasswordChange;
+    var newPassword = (ctx.instance || ctx.data).password;
 
-    if (!newEmail && !isPasswordChange) return next();
+    if (!newEmail && !newPassword) return next();
 
     var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) {
-      return (newEmail && u.email !== newEmail) || isPasswordChange;
+      return (newEmail && u.email !== newEmail) ||
+        (newPassword && u.password !== newPassword);
     }).map(function(u) {
       return u[pkName];
     });
diff --git a/test/user.test.js b/test/user.test.js
index 5ba640ab..4f5ba5e0 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -2107,6 +2107,13 @@ describe('User', function() {
       });
     });
 
+    it('keeps sessions AS IS when calling save() with no changes', function(done) {
+      user.save(function(err) {
+        if (err) return done(err);
+        assertPreservedTokens(done);
+      });
+    });
+
     it('keeps sessions AS IS if firstName is added using `updateOrCreate`', function(done) {
       User.updateOrCreate({
         pk: user.pk,