diff --git a/app/src/app/Controllers/Auth/AuthController.php b/app/src/app/Controllers/Auth/AuthController.php
index c14347bb..603a0a49 100644
--- a/app/src/app/Controllers/Auth/AuthController.php
+++ b/app/src/app/Controllers/Auth/AuthController.php
@@ -36,10 +36,9 @@ public function login($postData)
 }
 // Check if the user exists and password matches
- $user = User::findBy(['email' => $email, 'password' => $password], true);
+ $user = User::findBy(['email' => $email], true);
- // TODO: Verify hashed password not raw password
- if (!$user || strcmp($user->password, $password) !== 0) {
+ if (!$user || !password_verify($password, $user->password)) {
 echo 'Invalid email or password.';
 // Redirect back with error if authentication fails
 Session::set('error', 'Invalid email or password.');
diff --git a/app/src/app/Views/Auth/Login.php b/app/src/app/Views/Auth/Login.php
index 1a4605ec..8f905d18 100644
--- a/app/src/app/Views/Auth/Login.php
+++ b/app/src/app/Views/Auth/Login.php
@@ -22,7 +22,7 @@ class="mt-1 block w-full px-4 py-2 border border-gray-300 rounded-lg shadow-sm f
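Review bot: password_verify() on the new `if` line only runs when findBy() returned a row, so a request for an unknown email short-circuits before the bcrypt work and answers measurably faster than a known email with a wrong password, which lets a client enumerate registered addresses by timing. Verify against a fixed dummy hash when no user is found, e.g. `$storedHash = $user->password ?? self::DUMMY_HASH;` followed by `if (!$user || !password_verify($password, $storedHash)) {`, where DUMMY_HASH is a class constant holding a precomputed password_hash() output. On the success path consider `if (password_needs_rehash($user->password, PASSWORD_DEFAULT)) { /* re-hash and persist */ }` so the cost factor can be raised later without forcing resets. The rest of login() lies outside this hunk, so how $email and $password are derived from $postData is not visible here.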
-
diff --git a/database/start-scripts/1-seed.sql b/database/start-scripts/1-seed.sql
index 29ed8269..ef3d9d0c 100644
--- a/database/start-scripts/1-seed.sql
+++ b/database/start-scripts/1-seed.sql
@@ -1,8 +1,8 @@
 --* Users
 INSERT INTO users (company, name, surname, dni, password, email, role) VALUES
-('TechCorp', 'Carlos', 'García', '12345678A', 'hashedpassword1', 'carlos.garcia@example.com', 1),
-('InnovaTech', 'Ana', 'Martínez', '23456789B', 'hashedpassword2', 'ana.martinez@example.com', 1),
-('DesignWorks', 'José', 'Rodríguez', '34567890C', 'hashedpassword3', 'jose.rodriguez@example.com', 2);
+('TechCorp', 'Carlos', 'García', '12345678A', '$2y$10$BvILqM2m0pJlHNzyugbIu.RqhLIKwKetsRCo3FQbpcOiVx2nHBc9m', 'carlos.garcia@example.com', 1), -- Password: demopass
+('InnovaTech', 'Ana', 'Martínez', '23456789B', '$2y$10$BvILqM2m0pJlHNzyugbIu.RqhLIKwKetsRCo3FQbpcOiVx2nHBc9m', 'ana.martinez@example.com', 1), -- Password: demopass
+('DesignWorks', 'José', 'Rodríguez', '34567890C', '$2y$10$BvILqM2m0pJlHNzyugbIu.RqhLIKwKetsRCo3FQbpcOiVx2nHBc9m', 'jose.rodriguez@example.com', 2); -- Password: demopass
 --* Contracts
 INSERT INTO contracts (name, start_date, end_date, invoice_proposed, invoice_agreed, invoice_paid) VALUES
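Review bot: The three added rows carry a documented password (`-- Password: demopass`) and sit under `database/start-scripts/`, which by its name is run on database start, so any environment that boots from this script ships three known credentials, one of them with role 2. The hash format is fine (bcrypt, cost 10), but all three rows reuse the identical hash string, which also tells anyone who can read the table that these accounts share one password; generating each row with its own password_hash() call avoids that. Keep this seed for local development only, gated on an environment flag or split from the non-dev seeds, and say so at the top of the file, e.g. `--* Demo accounts with a published password: development seed only, never run against a shared environment`.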