diff --git a/server.py b/server.py
index cb84bb7..cc89b6b 100644
--- a/server.py
+++ b/server.py
@@ -66,7 +66,7 @@ def protected(wrapped):
 )
 @validate(json=LoginRequest)
 async def login(request):
- if pbkdf2_sha256(request.json['password']) != api_auth.get(request.json['username']):
+ if not pbkdf2_sha256(10000, salt=b'salt').verify(request.json['password'], api_auth.get(request.json['username'])):
 return {'status': 'error', 'message': 'Invalid username or password'}
 return {
 'token': jwt.encode({}, api_secret, algorithm='HS256'),
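Review bot: The added `verify` call in `login` hard-codes the salt as `b'salt'` and the rounds as 10000, so all stored hashes share one salt and equal passwords yield equal hashes; the salt should be random per user and read back from the stored hash rather than fixed at the call site. `api_auth.get(request.json['username'])` returns `None` for an unknown user and passes it straight to `verify`; whether that returns false or raises depends on the hasher, which is defined outside this hunk, and a raise would answer unknown usernames differently from wrong passwords. A guard would be `stored = api_auth.get(request.json['username'])` followed by `if stored is None or not <hasher>.verify(request.json['password'], stored):` (`<hasher>` is a placeholder), ideally still verifying against a dummy hash when `stored is None` so both paths take similar time. The body of `login` continues past the end of the hunk.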