diff --git a/src/shadowbox/server/manager_service.spec.ts b/src/shadowbox/server/manager_service.spec.ts
index 52f73a9c..ccbc09eb 100644
--- a/src/shadowbox/server/manager_service.spec.ts
+++ b/src/shadowbox/server/manager_service.spec.ts
@@ -532,7 +532,16 @@ describe('ShadowsocksManagerService', () => {
             done();
           });
         });
-
+        it('rejects a password that is already in use', async (done) => {
+          const PASSWORD = 'foobar';
+          await repo.createNewAccessKey({password: PASSWORD});
+          const res = {send: SEND_NOTHING};
+          await serviceMethod({params: {id: accessKeyId, password: PASSWORD}}, res, (error) => {
+            expect(error.statusCode).toEqual(409);
+            responseProcessed = true; // required for afterEach to pass.
+            done();
+          });
+        });
         it('uses the default port for new keys when no port is provided', async (done) => {
           const res = {
             send: (httpCode, data) => {
diff --git a/src/shadowbox/server/manager_service.ts b/src/shadowbox/server/manager_service.ts
index 12721feb..24b37e2f 100644
--- a/src/shadowbox/server/manager_service.ts
+++ b/src/shadowbox/server/manager_service.ts
@@ -383,7 +383,10 @@ export class ShadowsocksManagerService {
       logging.error(error);
       if (error instanceof errors.InvalidCipher || error instanceof errors.InvalidPortNumber) {
         throw new restifyErrors.InvalidArgumentError({statusCode: 400}, error.message);
-      } else if (error instanceof errors.PortUnavailable) {
+      } else if (
+        error instanceof errors.PortUnavailable ||
+        error instanceof errors.PasswordConflict
+      ) {
         throw new restifyErrors.ConflictError(error.message);
       }
       throw error;