diff --git a/Pipfile b/Pipfile
index f3fc2a8e..041b0ad3 100644
--- a/Pipfile
+++ b/Pipfile
@@ -23,7 +23,7 @@ name = "pypi"
 # 5. Run `pipenv install --dev` in your terminal.
 
 [packages]
-codeforlife = {ref = "v0.18.6", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
+codeforlife = {ref = "portal-frontend-50", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
 # 🚫 Don't add [packages] below that are inherited from the CFL package.
 pyjwt = "==2.6.0" # TODO: upgrade to latest version
 # TODO: Needed by RR. Remove when RR has moved to new system.
@@ -32,7 +32,7 @@ django-sekizai = "==2.0.0"
 django-classy-tags = "==2.0.0"
 
 [dev-packages]
-codeforlife = {ref = "v0.18.6", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
+codeforlife = {ref = "portal-frontend-50", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
 # codeforlife = {file = "../codeforlife-package-python", editable = true, extras = ["dev"]}
 # 🚫 Don't add [dev-packages] below that are inherited from the CFL package.
 
diff --git a/Pipfile.lock b/Pipfile.lock
index c5c1b17e..a56d65b5 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "4e182be83f2aa47c319dbc5b930bfe226faaf6574f7d4c9b076e28eb49483234"
+            "sha256": "9fbd806513b117a20b954e1abec1968f016adf10bfd19d422b60739d78c43bb1"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -137,7 +137,7 @@
         },
         "codeforlife": {
             "git": "https://github.com/ocadotechnology/codeforlife-package-python.git",
-            "ref": "aacceba63189bbe3ace6848d7ef94ae45e0c9b03"
+            "ref": "96c91ff6149b8b7976321c6e4912028cde1fb403"
         },
         "codeforlife-portal": {
             "hashes": [
@@ -947,7 +947,7 @@
         },
         "codeforlife": {
             "git": "https://github.com/ocadotechnology/codeforlife-package-python.git",
-            "ref": "aacceba63189bbe3ace6848d7ef94ae45e0c9b03"
+            "ref": "96c91ff6149b8b7976321c6e4912028cde1fb403"
         },
         "codeforlife-portal": {
             "hashes": [
diff --git a/src/api/serializers/student.py b/src/api/serializers/student.py
index d527859e..265d0b39 100644
--- a/src/api/serializers/student.py
+++ b/src/api/serializers/student.py
@@ -145,11 +145,11 @@ def to_representation(self, instance):
         representation = super().to_representation(instance)
 
         # Return student's auto-generated password.
-        # pylint: disable-next=protected-access
-        password = instance.new_user._password
-        if password is not None:
+        password = getattr(instance.new_user, "_password", None)
+        auto_gen_password = getattr(instance.new_user, "_login_id", None)
+        if password is not None and auto_gen_password is not None:
             representation["user"]["password"] = password
-            representation["login_id"] = instance.login_id
+            representation["auto_gen_password"] = auto_gen_password
 
         return representation
 
diff --git a/src/api/serializers/student_test.py b/src/api/serializers/student_test.py
index de1c3ddf..ac643611 100644
--- a/src/api/serializers/student_test.py
+++ b/src/api/serializers/student_test.py
@@ -304,7 +304,7 @@ def test_update_many(self):
                             "new_user": {
                                 "password": user_make_password.return_value
                             },
-                            "login_id": get_random_login_id.return_value,
+                            "login_id": get_random_login_id.return_value[1],
                         }
                     ],
                 )
diff --git a/src/api/views/student_test.py b/src/api/views/student_test.py
index 43ddd2d9..fe52f4e1 100644
--- a/src/api/views/student_test.py
+++ b/src/api/views/student_test.py
@@ -17,6 +17,9 @@
     User,
 )
 from codeforlife.user.permissions import IsTeacher
+from common.helpers.generators import (  # type: ignore[import-untyped]
+    get_hashed_login_id,
+)
 
 from ..serializers import (
     CreateStudentSerializer,
@@ -81,18 +84,20 @@ def assert_passwords(
         for student_fields in response_json:
             assert isinstance(student_fields, dict)
 
-            login_id = student_fields["login_id"]
-            assert isinstance(login_id, str) and login_id
+            auto_gen_password = student_fields["auto_gen_password"]
+            assert isinstance(auto_gen_password, str) and auto_gen_password
 
             student_id = student_fields["id"]
             assert isinstance(student_id, int)
             student = student_lookup[student_id]
 
-            login_id_is_valid = student.login_id == login_id
+            auto_gen_password_is_valid = (
+                student.login_id == get_hashed_login_id(auto_gen_password)
+            )
             if are_valid:
-                assert login_id_is_valid
+                assert auto_gen_password_is_valid
             else:
-                assert not login_id_is_valid
+                assert not auto_gen_password_is_valid
 
             student_user_fields = student_fields["user"]
             assert isinstance(student_user_fields, dict)