diff --git a/core/api/views/objects/user.py b/core/api/views/objects/user.py
index e647cbf7..1cc5bb44 100644
--- a/core/api/views/objects/user.py
+++ b/core/api/views/objects/user.py
@@ -137,24 +137,17 @@ class NewSerializer(serializers.ModelSerializer):
         max_length=30,
         required=True,
     )
-    password = serializers.CharField(required=True)
-
+    password = serializers.CharField(required=True, write_only=True)
     # Default `create` and `update` behavior...
     def create(self, validated_data) -> User:
-        user = User()
-        keys = [
-            "first_name",
-            "last_name",
-            "graduating_year",
-            "email",
-            "username",
-            "password",
-        ]
-        for key in keys:
-            setattr(user, key, validated_data[key])
+        password =  validated_data.pop("password")
+        user = User(**validated_data)
         if validated_data["email"].endswith(settings.TEACHER_EMAIL_SUFFIX):
             user.is_teacher = True
+        user.set_password(password)
         user.save()
+        # if Group.objects.filter(name="Supervisors").exists():
+        #     user.groups.add(Group.objects.get(name="Supervisors"))
         return user
 
     class Meta:
@@ -168,8 +161,6 @@ class Meta:
             "password",
             "bio",
             "timezone",
-            "organizations",
-            "tags_following",
         ]
 
 
diff --git a/core/models/post.py b/core/models/post.py
index 253cfb05..8a43ce52 100644
--- a/core/models/post.py
+++ b/core/models/post.py
@@ -38,7 +38,7 @@ class PostInteraction(models.Model):
         settings.AUTH_USER_MODEL,
         null=True,
         blank=True,
-        on_delete=models.SET("[deleted]"),
+        on_delete=models.SET(None),
     )
 
     created_at = models.DateTimeField(auto_now_add=True, null=True)
diff --git a/metropolis/settings.py b/metropolis/settings.py
index f0cf66e6..2492cf01 100644
--- a/metropolis/settings.py
+++ b/metropolis/settings.py
@@ -255,7 +255,6 @@
 
 
 # SSO (OAuth) Settings
-PKCE_REQUIRED = False
 CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL = 5
 CLEAR_EXPIRED_TOKENS_BATCH_SIZE = 500
 
@@ -472,10 +471,11 @@
 SILENCED_SYSTEM_CHECKS = ["urls.W002"]
 
 HIJACK_PERMISSION_CHECK = "core.utils.hijack.hijack_permissions_check"
+
 ALLOWED_HIJACKERS = [746, 165]  # Jason Cameron & Ken Shibata
 
 
-DEFAULT_TIMEZONE = "UTC"
+DEFAULT_TIMEZONE = "America/Toronto" # default timezone for users
 
 ANNOUNCEMENT_APPROVAL_BCC_LIST = []