diff --git a/cpp17/app/defaults/users.json b/cpp17/app/defaults/users.json
index 9012992..8fec4eb 100644
--- a/cpp17/app/defaults/users.json
+++ b/cpp17/app/defaults/users.json
@@ -1,12 +1,13 @@
 [
     {
         "username": "admin",
-        "password": "admin",
+        "password": "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918",
         "id": "1000"
     },
     {
         "username": "user",
-        "password": "user",
+        "password": "04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb",
         "id": "1001"
     }
 ]
+
diff --git a/cpp17/lib/src/domain/entities/User.h b/cpp17/lib/src/domain/entities/User.h
index 875a314..7dc4a63 100644
--- a/cpp17/lib/src/domain/entities/User.h
+++ b/cpp17/lib/src/domain/entities/User.h
@@ -9,8 +9,9 @@ struct User
   using Id_t = std::string;
   inline static const Id_t NULL_ID{""};
   Id_t id;
+
   std::string username;
-  std::string password;
+  std::string passwordHash;
 };
 
 } // namespace nxl::autostore::domain
\ No newline at end of file
diff --git a/cpp17/lib/src/infrastructure/auth/FileJwtAuthService.cpp b/cpp17/lib/src/infrastructure/auth/FileJwtAuthService.cpp
index a08694f..c054bf7 100644
--- a/cpp17/lib/src/infrastructure/auth/FileJwtAuthService.cpp
+++ b/cpp17/lib/src/infrastructure/auth/FileJwtAuthService.cpp
@@ -2,6 +2,7 @@
 #include <jwt-cpp/jwt.h>
 #include <fstream>
 #include <nlohmann/json.hpp>
+#include <picosha2.h>
 
 namespace nxl::autostore::infrastructure {
 
@@ -68,6 +69,9 @@ FileJwtAuthService::authenticateUser(std::string_view username,
                                      std::string_view password)
 {
   try {
+    std::string passwordHash;
+    picosha2::hash256_hex_string(password, passwordHash);
+
     std::ifstream file(dbPath);
     if (!file.is_open()) {
       return std::nullopt;
@@ -78,7 +82,7 @@ FileJwtAuthService::authenticateUser(std::string_view username,
 
     for (const auto& userJson : usersJson) {
       if (userJson["username"] == username
-          && userJson["password"] == password) {
+          && userJson["password"] == passwordHash) {
         return userJson["id"].get<std::string>();
       }
     }
diff --git a/cpp17/vcpkg.json b/cpp17/vcpkg.json
index b4f0d6c..e80bc0b 100644
--- a/cpp17/vcpkg.json
+++ b/cpp17/vcpkg.json
@@ -6,6 +6,7 @@
     "nlohmann-json",
     "jwt-cpp",
     "spdlog",
+    "picosha2",
     "catch2",
     "trompeloeil"
   ],