My guess is that one of two things go wrong:
If you are saving the password in the System/User.password-attribute, it should get stored as a hash-value. I expect that there is no way to get a plain text value stored in a database field System/User.password because it is a type HashedString, but you might want to double-check that the value of System/User.password actually changes and is still BCrypt value. Now check this again while using the standard change password routine. Provided that you pass the same password, the new value in the database should be the same hash-value.
Doing the above test will also tell you if your microflow is saving the password to the correct entity and attribute.
Bytheway, I advise using module SystemManagement instead of Administration for about 16 reasons. But that is a different story.
Have you checked the security? There is an XPath constraint there for the current user.
Solution was slightly different. When adding a default user role logging in was possible. So nothing to do with the password. Problem solved.