diff --git a/owasp-top10-2021-apps/a9/games-irados/app/model/password.py b/owasp-top10-2021-apps/a9/games-irados/app/model/password.py
index 3abacd0bd..0675f77e2 100644
--- a/owasp-top10-2021-apps/a9/games-irados/app/model/password.py
+++ b/owasp-top10-2021-apps/a9/games-irados/app/model/password.py
@@ -1,4 +1,5 @@
 import hashlib
+import os
 class Password:
@@ -6,10 +7,15 @@ def __init__(self, password):
 self.password = password
 def get_hashed_password(self):
- return self._make_hash(self.password)
+ salt = os.urandom(16)
+ dk = hashlib.pbkdf2_hmac('sha256', self.password.encode(), salt, 100000)
+ return salt.hex() + ':' + dk.hex()
 def validate_password(self, hashed_password):
- return self._compare_password(hashed_password, self._make_hash(self.password))
+ salt_hex, hash_hex = hashed_password.split(':')
+ salt = bytes.fromhex(salt_hex)
+ dk = hashlib.pbkdf2_hmac('sha256', self.password.encode(), salt, 100000)
+ return hash_hex == dk.hex()
 def _make_hash(self, string):
 return hashlib.sha256(string).hexdigest()
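Review bot: The final comparison in validate_password, `return hash_hex == dk.hex()`, is an ordinary string equality that returns on the first differing character, so the verifier should use `return hmac.compare_digest(hash_hex, dk.hex())` with `import hmac` added next to the new `import os`. The unpacking `salt_hex, hash_hex = hashed_password.split(':')` raises ValueError for any stored value that does not contain exactly one colon — which includes the unsalted sha256 hex the removed `_make_hash` path produced — and `bytes.fromhex(salt_hex)` raises on a non-hex salt, so a stale or malformed record turns a login attempt into an unhandled exception instead of a failed check; both belong in a guarded block that returns False. The `'sha256'` / `100000` pair is duplicated between get_hashed_password and validate_password and is not recorded in the stored string, so a class-level constant would keep the two in step and embedding the iteration count in the format would let it be raised later without invalidating existing hashes. `_make_hash` appears to be unreferenced after this change and could be dropped. The hunk begins inside `__init__`, so the class header lies outside it.
```python
    def validate_password(self, hashed_password):
        try:
            salt_hex, hash_hex = hashed_password.split(':')
            salt = bytes.fromhex(salt_hex)
        except (AttributeError, ValueError):
            # Not a "salt:hash" record (legacy or corrupted value) — treat as a failed check.
            return False
        dk = hashlib.pbkdf2_hmac('sha256', self.password.encode(), salt, 100000)
        return hmac.compare_digest(hash_hex, dk.hex())
```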