diff --git a/internal/db/user.go b/internal/db/user.go
index 4c757d7..92c2c81 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -84,8 +84,8 @@ func HashPassword(password string) (string, error) {
 	hash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize)
 
 	// Encode the salt and hash as a string in PHC format
-	encodedSalt := base64.RawStdEncoding.EncodeToString(salt)
-	encodedHash := base64.RawStdEncoding.EncodeToString(hash)
+	encodedSalt := base64.URLEncoding.EncodeToString(salt)
+	encodedHash := base64.URLEncoding.EncodeToString(hash)
 	return fmt.Sprintf("$%s$%s$%s$%s", pwdAlgo, pwdParams, encodedSalt, encodedHash), nil
 }
 
@@ -98,11 +98,11 @@ func comparePassword(hashedPassword string, password string) (bool, error) {
 	encodedSalt, encodedHash := fields[2], fields[3]
 
 	// Decode the salt and hash from base64
-	salt, err := base64.RawStdEncoding.DecodeString(encodedSalt)
+	salt, err := base64.URLEncoding.DecodeString(encodedSalt)
 	if err != nil {
 		return false, err
 	}
-	hash, err := base64.RawStdEncoding.DecodeString(encodedHash)
+	hash, err := base64.URLEncoding.DecodeString(encodedHash)
 	if err != nil {
 		return false, err
 	}