diff --git a/backend/app/services/auth.py b/backend/app/services/auth.py
index 74743e5..a01873c 100644
--- a/backend/app/services/auth.py
+++ b/backend/app/services/auth.py
@@ -14,11 +14,29 @@ security = HTTPBearer()
 def verify_password(plain_password: str, hashed_password: str) -> bool:
- return pwd_context.verify(plain_password, hashed_password)
+ try:
+ return pwd_context.verify(plain_password, hashed_password)
+ except ValueError as e:
+ if "password cannot be longer than 72 bytes" in str(e):
+ # Fallback: use bcrypt directly to avoid passlib version issues
+ import bcrypt
+ return bcrypt.checkpw(
+ plain_password.encode('utf-8'),
+ hashed_password.encode('utf-8')
+ )
+ raise
 def get_password_hash(password: str) -> str:
- return pwd_context.hash(password)
+ try:
+ return pwd_context.hash(password)
+ except Exception as e:
+ # Fallback: use bcrypt directly to avoid passlib version issues
+ import bcrypt
+ return bcrypt.hashpw(
+ password.encode('utf-8'),
+ bcrypt.gensalt()
+ ).decode('utf-8')
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
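Review bot: In get_password_hash the `except Exception as e:` catches every failure of `pwd_context.hash`, not only the passlib/bcrypt incompatibility, so a misconfigured context or any unrelated error silently produces a hash from raw `bcrypt.hashpw` with `bcrypt.gensalt()` defaults instead of the scheme and cost `pwd_context` is configured for. Narrow it the way verify_password already does: `except ValueError as e:` followed by `if "password cannot be longer than 72 bytes" not in str(e): raise`. Both fallbacks also pass the password to bcrypt without a length check; depending on the installed bcrypt version an input over 72 bytes is presumably either truncated silently or rejected with another ValueError, so an explicit `len(password.encode('utf-8')) > 72` rejection before hashing would make the behaviour deterministic. Matching on the exception message is brittle; pinning compatible passlib and bcrypt versions would remove the need for the fallback, and if it stays, a log line when it is taken would make the degraded path visible.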