diff --git a/app/auth/service.py b/app/auth/service.py
index bebc934..68f8419 100644
--- a/app/auth/service.py
+++ b/app/auth/service.py
@@ -5,6 +5,7 @@ from typing import Optional
 from jose import jwt
 from jose.constants import ALGORITHMS
 from sqlalchemy.orm import Session
+import secrets
 from app.auth.dto import Credentials
 from app.config import config
@@ -16,11 +17,15 @@ JWT_ISSUER = "Energia"
 def authenticate(credentials: Credentials, db: Session) -> Optional[str]:
     user = get_user_by_username(db, credentials.username)
-    if passwords_match(user.password, credentials.password):
+
+    if not secrets.compare_digest(user.username, credentials.username):
+        return None
+
+    if not passwords_match(user.password, credentials.password):
+        return None
+    else:
         token = issue_token(user.id)
         return token
-    else:
-        return None
 def issue_token(user_id: int) -> str:
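Review bot: The new `secrets.compare_digest(user.username, credentials.username)` line in the second hunk dereferences `user` before anything checks that `get_user_by_username` found a row, so an unknown username raises AttributeError instead of returning None; the original had the same gap on `user.password`, but this hunk puts a second dereference ahead of it, and a guard `if user is None: return None` belongs immediately after the lookup. `secrets.compare_digest` on `str` arguments also requires both strings to be ASCII-only and raises TypeError otherwise, so a non-ASCII username (stored or submitted) turns a failed login into an unhandled exception; comparing the `.encode("utf-8")` forms, or falling back to `==`, avoids that. Since `user` was already fetched by this username, the comparison presumably enforces an exact (case-sensitive) match rather than any timing property; a one-line comment stating that intent, e.g. `# exact-case match: the lookup may be case-insensitive`, would make the check's purpose clear. The trailing `else:` after `return None` is redundant and the success path can be dedented. The hunk shows the body of `authenticate` in full but cuts off `issue_token` after its signature.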