diff --git a/backend/btrixcloud/auth.py b/backend/btrixcloud/auth.py
index ac287fece5..fc8ebeef9d 100644
--- a/backend/btrixcloud/auth.py
+++ b/backend/btrixcloud/auth.py
@@ -4,8 +4,11 @@ from uuid import UUID, uuid4
 from datetime import timedelta
 from typing import Optional, Tuple, List
-from passlib import pwd
-from passlib.context import CryptContext
+import string
+import secrets
+from pwdlib import PasswordHash
+from pwdlib.hashers.argon2 import Argon2Hasher
+from pwdlib.hashers.bcrypt import BcryptHasher
 from pydantic import BaseModel
 import jwt
@@ -38,7 +41,12 @@ RESET_VERIFY_TOKEN_LIFETIME_MINUTES = 60
-PWD_CONTEXT = CryptContext(schemes=["bcrypt"], deprecated="auto")
+PWD_CONTEXT = PasswordHash(
+ (
+ Argon2Hasher(),
+ BcryptHasher(),
+ )
+)
 # Audiences
 CUSTOM_AUTH_AUD = "btrix:custom-auth"
@@ -163,7 +171,8 @@ def get_password_hash(password: str) -> str:
 # ============================================================================
 def generate_password() -> str:
 """generate new secure password"""
-    return pwd.genword()
+ alphabet = string.ascii_letters + string.digits
+ return "".join(secrets.choice(alphabet) for i in range(20))
 # ============================================================================
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 918ff53714..d4a9ced19b 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -2,7 +2,7 @@ gunicorn
 uvicorn[standard]
 fastapi==0.128.0
 motor
-passlib
+pwdlib[argon2,bcrypt]
 PyJWT==2.8.0
 pydantic==2.12.5
 email-validator
@@ -29,4 +29,4 @@ remotezip
 json-stream
 aiostream
 iso639-lang>=2.6.0
-setuptools<82.0.0
+setuptools
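Review bot: The new `import string` and `import secrets` lines are inserted between the typing import and the third-party `pwdlib` imports, which splits the standard-library group that `uuid`, `datetime` and `typing` already form. Move the two stdlib imports up next to `from typing import Optional, Tuple, List` and keep the three `pwdlib` lines together with `pydantic` and `jwt`, so the file keeps one stdlib group followed by one third-party group. This is a style point only; nothing about the behaviour of the hunk changes.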
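Review bot: The order of the two hashers passed to `PasswordHash` in the `PWD_CONTEXT` assignment is load-bearing but undocumented: pwdlib uses the first hasher (argon2) for new hashes and the later ones only to verify existing hashes, so swapping the tuple would silently keep minting bcrypt. The removed `deprecated="auto"` also meant passlib would flag bcrypt hashes for rehash; with pwdlib that migration only happens if the verify call site uses `PasswordHash.verify_and_update` rather than `verify`, and that call site is outside this diff, so confirm it. Suggest a comment directly above the assignment: `# Order matters: the first hasher (argon2) is used for new hashes; bcrypt is kept only so existing hashes still verify, and verify_and_update() migrates them to argon2 on the next successful login.`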
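Review bot: In the new body of `generate_password` the loop variable `i` is never used and the length `20` is a bare literal; write `return "".join(secrets.choice(alphabet) for _ in range(PASSWORD_LENGTH))` with a `PASSWORD_LENGTH = 20` constant placed beside the other module constants such as `RESET_VERIFY_TOKEN_LIFETIME_MINUTES`. The docstring should also record the contract the replacement now fixes, since `pwd.genword()` chose its own length and charset: `"""Generate a random 20-character [A-Za-z0-9] password using the secrets CSPRNG (about 119 bits of entropy)."""`. The function is complete within the hunk, so no other lines need to change.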
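Review bot: `pwdlib[argon2,bcrypt]` is added with no version constraint while the neighbouring security-relevant packages in the same hunk (`PyJWT==2.8.0`, `pydantic==2.12.5`, `fastapi==0.128.0`) are pinned. This package now produces and verifies every stored password hash, so an unpinned upgrade could change default argon2 parameters or hash handling without any change in this repository; pin it to the version the change was tested against, e.g. `pwdlib[argon2,bcrypt]==<tested version>`. If the project relies on a separate lockfile for this, a short note in the commit message saying so would settle the question.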