diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -381,6 +381,16 @@
 
     debug!("Attempting to delete wallet user: {}", user_id);
 
+    let maybe_username_and_password_file = self
+      .db_client
+      .get_username_and_password_file(&user_id)
+      .await
+      .map_err(handle_db_error)?;
+
+    if maybe_username_and_password_file.is_some() {
+      return Err(tonic::Status::permission_denied("password user"));
+    }
+
     self
       .db_client
       .delete_user(user_id)