diff --git a/server/config/runtime.exs b/server/config/runtime.exs
index f794ef0..af17c0c 100644
--- a/server/config/runtime.exs
+++ b/server/config/runtime.exs
@@ -1,5 +1,17 @@
 import Config
 
+if config_env() in [:prod, :dev] do
+  hash =
+    System.get_env("DASHBOARD_PASSWORD_HASH") ||
+      raise """
+      DASHBOARD_PASSWORD_HASH not set.
+      Generate one with:
+        mix run -e 'IO.puts(Argon2.hash_pwd_salt("your-password"))'
+      """
+
+  config :server, :dashboard_password_hash, hash
+end
+
 # config/runtime.exs is executed for all environments, including
 # during releases. It is executed after compilation and before the
 # system starts, so it is typically used to load production configuration
diff --git a/server/config/test.exs b/server/config/test.exs
index 91ee1f4..7a1291d 100644
--- a/server/config/test.exs
+++ b/server/config/test.exs
@@ -28,3 +28,5 @@ config :phoenix_live_view,
   enable_expensive_runtime_checks: true
 
 config :bcrypt_elixir, :log_rounds, 4
+
+config :argon2_elixir, t_cost: 1, m_cost: 8
diff --git a/server/mix.exs b/server/mix.exs
index 6958640..4acdd08 100644
--- a/server/mix.exs
+++ b/server/mix.exs
@@ -56,7 +56,8 @@ defmodule Server.MixProject do
       {:jason, "~> 1.2"},
       {:dns_cluster, "~> 0.1.1"},
       {:bandit, "~> 1.5"},
-      {:bcrypt_elixir, "~> 3.1"}
+      {:bcrypt_elixir, "~> 3.1"},
+      {:argon2_elixir, "~> 4.0"}
     ]
   end
 
diff --git a/server/mix.lock b/server/mix.lock
index 23194f8..5b89900 100644
--- a/server/mix.lock
+++ b/server/mix.lock
@@ -1,4 +1,5 @@
 %{
+  "argon2_elixir": {:hex, :argon2_elixir, "4.1.3", "4f28318286f89453364d7fbb53e03d4563fd7ed2438a60237eba5e426e97785f", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "7c295b8d8e0eaf6f43641698f962526cdf87c6feb7d14bd21e599271b510608c"},
   "bandit": {:hex, :bandit, "1.10.4", "02b9734c67c5916a008e7eb7e2ba68aaea6f8177094a5f8d95f1fb99069aac17", [:mix], [{:hpax, "~> 1.0", [hex: :hpax, repo: "hexpm", optional: false]}, {:plug, "~> 1.18", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}, {:thousand_island, "~> 1.0", [hex: :thousand_island, repo: "hexpm", optional: false]}, {:websock, "~> 0.5", [hex: :websock, repo: "hexpm", optional: false]}], "hexpm", "a5faf501042ac1f31d736d9d4a813b3db4ef812e634583b6a457b0928798a51d"},
   "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.3.2", "d50091e3c9492d73e17fc1e1619a9b09d6a5ef99160eb4d736926fd475a16ca3", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "471be5151874ae7931911057d1467d908955f93554f7a6cd1b7d804cac8cef53"},
   "castore": {:hex, :castore, "1.0.18", "5e43ef0ec7d31195dfa5a65a86e6131db999d074179d2ba5a8de11fe14570f55", [:mix], [], "hexpm", "f393e4fe6317829b158fb74d86eb681f737d2fe326aa61ccf6293c4104957e34"},