diff --git a/login.php b/login.php
index 278f9c9..aa3591e 100644
--- a/login.php
+++ b/login.php
@@ -12,7 +12,8 @@ $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 session_start();
 $username = mysqli_real_escape_string($con, $_POST['username']);
 $password = mysqli_real_escape_string($con, $_POST['password']);
-$password = sha1($password);
+# $password = sha1($password); //this is the original line of code, just found sha1isn't any better than md5
+$password = password_hash($password, PASSWORD_BCRYPT);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
 }