diff --git a/spaceapi/auth.py b/spaceapi/auth.py
--- a/spaceapi/auth.py
+++ b/spaceapi/auth.py
@@ -1,6 +1,7 @@
+from hmac import compare_digest
+
 from flask import current_app
 from flask_httpauth import HTTPBasicAuth, HTTPDigestAuth
-from werkzeug.security import safe_str_cmp

 basicauth = HTTPBasicAuth()
 httpauth = HTTPDigestAuth()
@@ -16,7 +17,7 @@ def get_pw(username):
 @basicauth.verify_password
 def verify_password(username, password):
 if username in current_app.config["HTTP_DIGEST_AUTH_USERS"]:
- return safe_str_cmp(
+ return compare_digest(
 current_app.config["HTTP_DIGEST_AUTH_USERS"][username], password
 )
 return None
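Review bot: In `verify_password`, `compare_digest` is not a drop-in replacement for the removed `safe_str_cmp`. With `str` arguments `hmac.compare_digest` accepts ASCII only and raises `TypeError` otherwise, whereas the werkzeug helper encoded both sides to UTF-8 before comparing. The `password` argument comes from the client's Basic auth header, so a non-ASCII password would presumably surface as an unhandled exception (HTTP 500) rather than a failed login. Comparing bytes keeps the constant-time check and the previous behaviour: `expected = current_app.config["HTTP_DIGEST_AUTH_USERS"][username]` followed by `return compare_digest(expected.encode("utf-8"), password.encode("utf-8"))`, assuming both values are `str`. A test that sends a non-ASCII password and expects a 401 would pin this down.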