diff --git a/internal/auth/routes.go b/internal/auth/routes.go
index eb96de3..0e18254 100644
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@@ -81,6 +81,11 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !util.VerifyPassword(params.Password, user.PasswordHash) {
+		web.Error(w, "username or/and password are incorrect", http.StatusBadRequest)
+		return
+	}
+
 	claims := types.UserClaims{
 		UserID: user.ID.String(),
 		RegisteredClaims: jwt.RegisteredClaims{