diff --git a/authserv/auth.py b/authserv/auth.py
index f62993ab66ec650742080f78c4156ca2bc946f4c..904631eab9aef54af40d562b079db709e1bf9816 100644
--- a/authserv/auth.py
+++ b/authserv/auth.py
@@ -1,10 +1,11 @@
 import crypt
+from werkzeug.security import safe_str_cmp
 from authserv.oath import accept_totp
 from authserv import protocol
 
 
 def _check_main_password(userpw, password):
-    if crypt.crypt(password, userpw) == userpw:
+    if safe_str_cmp(crypt.crypt(password, userpw), userpw):
         return protocol.OK
     else:
         return protocol.ERR_AUTHENTICATION_FAILURE
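Review bot: `werkzeug.security.safe_str_cmp` (added at L7, used at L14) is deprecated in Werkzeug 2.0 and removed in 2.1, so this pins the auth path to an old Werkzeug for a one-function import; the standard library already offers the same constant-time comparison as `hmac.compare_digest`, which is what `safe_str_cmp` itself wraps on Python 3. I would replace the import with `import hmac` and the condition with `if hmac.compare_digest(crypt.crypt(password, userpw), userpw):`; the same applies to the `_check_app_specific_password` loop in the second hunk, which runs past the end of this view. Separately, `crypt.crypt` can return `None` when it fails (for example on a malformed stored salt), and both `safe_str_cmp` and `compare_digest` raise `TypeError` on `None` rather than returning a mismatch, so the comparison would escape as an exception instead of `protocol.ERR_AUTHENTICATION_FAILURE` — worth binding the result first and guarding `is not None` before comparing. Note also that the `crypt` module this relies on is deprecated as of Python 3.11, so the hashing backend itself will need a migration plan independent of this change.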
@@ -12,7 +13,7 @@ def _check_main_password(userpw, password):
 
 def _check_app_specific_password(asps, password):
     for app_pw in asps:
-        if crypt.crypt(password, app_pw) == app_pw:
+        if safe_str_cmp(crypt.crypt(password, app_pw), app_pw):
             return protocol.OK
     return protocol.ERR_AUTHENTICATION_FAILURE