diff --git a/backend/src/app/infra/security.py b/backend/src/app/infra/security.py
index 24523ca..7d3caca 100644
--- a/backend/src/app/infra/security.py
+++ b/backend/src/app/infra/security.py
@@ -1,5 +1,6 @@
 """Security utilities for authentication and authorization."""
+import base64
 import hashlib
 from datetime import datetime, timedelta, timezone
 from typing import Optional
@@ -30,8 +31,9 @@ def hash_password(password: str) -> str:
     avoiding bcrypt's 72-byte limitation.
     """
     # Pre-hash with SHA256 to support unlimited password length
-    # This is a common technique to work around bcrypt's 72-byte limit
-    password_hash = hashlib.sha256(password.encode('utf-8')).hexdigest()
+    # Use base64 encoding for compact representation (43 chars < 72 bytes)
+    password_bytes = hashlib.sha256(password.encode('utf-8')).digest()
+    password_hash = base64.b64encode(password_bytes).decode('ascii')
     return pwd_context.hash(password_hash)
@@ -47,7 +49,8 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
         True if password matches, False otherwise
     """
     # Apply same SHA256 pre-hashing as hash_password
-    password_hash = hashlib.sha256(plain_password.encode('utf-8')).hexdigest()
+    password_bytes = hashlib.sha256(plain_password.encode('utf-8')).digest()
+    password_hash = base64.b64encode(password_bytes).decode('ascii')
     return pwd_context.verify(password_hash, hashed_password)
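Review bot: The new comment in hash_password states the base64 form is "43 chars", but `base64.b64encode` of a 32-byte SHA-256 digest yields 44 characters, the last being `=` padding; 43 is only true for the unpadded urlsafe variant, which this code does not use. The old hex digest (64 chars) was also already under bcrypt's 72-byte limit, so the comment's framing of base64 as necessary for fitting is misleading. Suggested replacement: `# base64 of the 32-byte digest is 44 chars (incl. '=' padding), well under bcrypt's 72-byte limit`. The compatibility consequence of changing the pre-hash format is raised on the verify_password hunk below; hash_password's body ends within this hunk but its docstring starts above it.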
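Review bot: Switching verify_password from the hex digest to the base64 digest changes the string that bcrypt was run over, so every hash already stored under the old scheme will fail verification after deploy and those accounts are locked out; the commit adds no fallback or migration. Unless the credential store is known to be empty, verify_password should try the new pre-hash first and fall back to the legacy hex pre-hash, with callers rehashing on a successful legacy match so the branch can be removed once all rows have migrated. This fallback costs a second bcrypt verification on failed logins (and on legacy accounts until rehashed), which is worth noting in the docstring so nobody removes it by accident. The function's signature and docstring lie outside the hunk.
```python
def verify_password(plain_password: str, hashed_password: str) -> bool:
    # … unchanged: docstring …
    digest = hashlib.sha256(plain_password.encode('utf-8')).digest()
    password_hash = base64.b64encode(digest).decode('ascii')
    if pwd_context.verify(password_hash, hashed_password):
        return True
    # Legacy pre-hash (hex digest) used before the base64 switch; keep
    # accepting hashes stored under it so existing accounts still verify.
    # Callers should rehash on a successful login; drop this once migrated.
    legacy_hash = hashlib.sha256(plain_password.encode('utf-8')).hexdigest()
    return pwd_context.verify(legacy_hash, hashed_password)
```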