diff --git a/darkbazaar/src/auth.py b/darkbazaar/src/auth.py
index 32ab66a..da3af7e 100755
--- a/darkbazaar/src/auth.py
+++ b/darkbazaar/src/auth.py
@@ -1,9 +1,11 @@
-from passlib.context import CryptContext
-
-ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=1)
-
-def get_password_hash(password: str) -> str:
-    return ctx.hash(password)
-
-def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return ctx.verify(plain_password, hashed_password)
+from passlib.context import CryptContext
+
+# SECURITY FIX: Use proper PBKDF2 rounds (29000+ recommended, using 260000 for better security)
+# Previously was using only 1 round which made password cracking trivial
+ctx = CryptContext(schemes=["pbkdf2_sha256"], pbkdf2_sha256__rounds=260000)
+
+def get_password_hash(password: str) -> str:
+    return ctx.hash(password)
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return ctx.verify(plain_password, hashed_password)