diff --git a/app/User/UseCases/AuthenticateUser.php b/app/User/UseCases/AuthenticateUser.php
index 56281b1..a889a06 100644
--- a/app/User/UseCases/AuthenticateUser.php
+++ b/app/User/UseCases/AuthenticateUser.php
@@ -2,6 +2,7 @@
 
 namespace App\User\UseCases;
 
+use App\Auth\PasswordHasher;
 use App\Exceptions\BadRequestException;
 use App\Exceptions\UnauthorizedException;
 use App\User\User;
@@ -12,6 +13,7 @@ class AuthenticateUser
 {
     public function __construct(
         private UserRepository $userRepo,
+        private PasswordHasher $passwordHasher,
     ) {}
 
     /**
@@ -35,7 +37,7 @@ class AuthenticateUser
             throw new UnauthorizedException('invalid credentials');
         }
 
-        $passwordMatches = password_verify(
+        $passwordMatches = $this->passwordHasher->verify(
             $request->password,
             $user->getPasswordHash()
         );
diff --git a/app/User/UseCases/CreateUser.php b/app/User/UseCases/CreateUser.php
index a327940..cf89fdd 100644
--- a/app/User/UseCases/CreateUser.php
+++ b/app/User/UseCases/CreateUser.php
@@ -2,6 +2,7 @@
 
 namespace App\User\UseCases;
 
+use App\Auth\PasswordHasher;
 use App\Exceptions\BadRequestException;
 use App\User\User;
 use App\User\UserRepository;
@@ -11,6 +12,7 @@ class CreateUser
 {
     public function __construct(
         private UserRepository $userRepo,
+        private PasswordHasher $passwordHasher,
     ) {}
 
     /**
@@ -39,7 +41,7 @@ class CreateUser
 
         return $this->userRepo->create(new CreateUserDto(
             email: $email,
-            passwordHash: password_hash($dto->password, PASSWORD_DEFAULT),
+            passwordHash: $this->passwordHasher->hash($dto->password),
             isAdmin: $dto->isAdmin,
         ));
     }