diff --git a/membership/admin.py b/membership/admin.py
index f69ccbef..1e8d2ba8 100644
--- a/membership/admin.py
+++ b/membership/admin.py
@@ -1,20 +1,95 @@
+from django import forms
 from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.forms import ReadOnlyPasswordHashField
+
 from .models import CustomUser, StripeCustomer
-from django.contrib.auth.hashers import make_password
 
 
-class CustomUserAdmin(admin.ModelAdmin):
-    fields = ('password', 'user_permissions', 'email', 'is_admin')
+# Refer https://docs.djangoproject.com/en/2.0/topics/auth/customizing/
+# for understanding custom auth user model
 
-    def save_model(self, request, obj, form, change):
-        password = form.cleaned_data.get('password')
 
-        if not change:
-            obj.validation_slug = make_password(None)
+class UserCreationForm(forms.ModelForm):
+    """A form for creating new users. Includes all the required
+    fields, plus a repeated password."""
+    password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
+    password2 = forms.CharField(label='Password confirmation',
+                                widget=forms.PasswordInput)
 
-        obj.set_password(password)
-        obj.save()
-        return obj
+    class Meta:
+        model = CustomUser
+        fields = ('email', 'user_permissions', 'email', 'is_admin')
+
+    def clean_password2(self):
+        # Check that the two password entries match
+        password1 = self.cleaned_data.get("password1")
+        password2 = self.cleaned_data.get("password2")
+        if password1 and password2 and password1 != password2:
+            raise forms.ValidationError("Passwords don't match")
+        return password2
+
+    def save(self, commit=True):
+        # Save the provided password in hashed format
+        user = super().save(commit=False)
+        user.set_password(self.cleaned_data["password1"])
+        if commit:
+            user.save()
+        return user
+
+
+class UserChangeForm(forms.ModelForm):
+    """A form for updating users. Includes all the fields on
+    the user, but replaces the password field with admin's
+    password hash display field.
+    """
+    password = ReadOnlyPasswordHashField(
+        label="Password",
+        help_text=(
+            "Raw passwords are not stored, so there is no way to see "
+            "this user's password, but you can change the password "
+            "using <a href=\"../password/\">this form</a>.")
+    )
+
+    class Meta:
+        model = CustomUser
+        fields = ('email', 'password', 'is_admin')
+
+    def clean_password(self):
+        # Regardless of what the user provides, return the initial value.
+        # This is done here, rather than on the field, because the
+        # field does not have access to the initial value
+        return self.initial["password"]
+
+
+class CustomUserAdmin(BaseUserAdmin):
+    # The forms to add and change user instances
+    form = UserChangeForm
+    add_form = UserCreationForm
+
+    # The fields to be used in displaying the User model.
+    # These override the definitions on the base UserAdmin
+    # that reference specific fields on auth.User.
+    list_display = (
+        'email', 'is_admin', 'is_superuser'
+    )
+    list_filter = ()
+    fieldsets = (
+        (None, {'fields': ('email', 'password')}),
+        ('Permissions', {'fields': ('is_admin', 'user_permissions',
+                                    'groups')}),
+    )
+    # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
+    # overrides get_fieldsets to use this attribute when creating a user.
+    add_fieldsets = (
+        (None, {
+            'classes': ('wide',),
+            'fields': ('email', 'password1', 'password2')}
+         ),
+    )
+    search_fields = ('email',)
+    ordering = ('email',)
+    filter_horizontal = ()
 
 
 admin.site.register(CustomUser, CustomUserAdmin)