diff --git a/api/routes/authenticate.js b/api/routes/authenticate.js
index f778c08..e93baa5 100644
--- a/api/routes/authenticate.js
+++ b/api/routes/authenticate.js
@@ -47,7 +47,7 @@ authenticate.route('/')
 let authCheck = (username, password, res) => {
   const deferred = Q.defer();
 
-  AppUserModel.findOne({username: username}).populate('squad').exec((err, user) => {
+  AppUserModel.findOne({username: username.toLowerCase()}).populate('squad').exec((err, user) => {
     if (err) deferred.reject(err.name + ': ' + err.message);
 
     const diff = 7 * 60 * 24; // time till expiration [minutes]
@@ -96,7 +96,7 @@ let create = (userParam) => {
 
   // validation
   AppUserModel.findOne(
-    {username: userParam.username},
+    {username: userParam.username.toLowerCase()},
     (err, user) => {
       if (err) deferred.reject(err.name + ': ' + err.message);
 
@@ -114,6 +114,7 @@ let create = (userParam) => {
 
     // add hashed password to user object
     user.password = bcrypt.hashSync(userParam.password, 10);
+    user.username = user.username.toLowerCase();
 
     const newUser = new AppUserModel(user);
     newUser.save((err, doc) => {