diff --git a/internal/db/user.go b/internal/db/user.go
index bb307f7..d1de281 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -89,13 +89,14 @@ func HashPassword(password string) (string, error) {
 	return fmt.Sprintf("$%s$%s$%s$%s", pwdAlgo, pwdParams, encodedSalt, encodedHash), nil
 }
 
+var errInvalidDBPasswordFormat = errors.New("invalid password format in db")
 func comparePassword(hashedPassword string, password string) (bool, error) {
 	// Extract the salt and hash from the hashed password string
-	fields := strings.Split(hashedPassword, "$")[1:]
-	if len(fields) != 4 || fields[0] != pwdAlgo || fields[1] != pwdParams {
-		return false, errors.New("invalid password format in db")
+	fields := strings.Split(hashedPassword, "$")
+	if len(fields) != 5 || fields[1] != pwdAlgo || fields[2] != pwdParams {
+		return false, errInvalidDBPasswordFormat
 	}
-	encodedSalt, encodedHash := fields[2], fields[3]
+	encodedSalt, encodedHash := fields[3], fields[4]
 
 	// Decode the salt and hash from base64
 	salt, err := base64.RawStdEncoding.DecodeString(encodedSalt)