diff --git a/pyspider/webui/login.py b/pyspider/webui/login.py
index d32d5b73a..a4c966c26 100644
--- a/pyspider/webui/login.py
+++ b/pyspider/webui/login.py
@@ -6,6 +6,7 @@
 # Created on 2014-12-10 20:36:27
 import base64
+import hmac
 from flask import Response
 try:
 import flask_login as login
@@ -41,8 +42,8 @@ def __init__(self, id, password):
 def is_authenticated(self):
 if not app.config.get('webui_username'):
 return True
- if self.id == app.config.get('webui_username') \
- and self.password == app.config.get('webui_password'):
+ if hmac.compare_digest(self.id.encode('utf-8'), app.config.get('webui_username').encode('utf-8')) \
+ and hmac.compare_digest(self.password.encode('utf-8'), app.config.get('webui_password').encode('utf-8')):
 return True
 return False
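Review bot: The two `hmac.compare_digest` calls in `is_authenticated` are still joined by `and`, so a username mismatch skips the password comparison and the timing can still differ between a wrong username and a right username with a wrong password. Computing both results first and combining them afterwards removes that difference. Separately, `app.config.get('webui_password')` returns None when only a username is configured, and `.encode('utf-8')` then raises AttributeError where the old `==` simply evaluated to False. An explicit `is None` check keeps that case fail-closed without an unhandled exception; substituting an empty string instead would let an empty submitted password match. Whether `self.id` and `self.password` are always text strings depends on the caller, which is outside this hunk.

```python
    def is_authenticated(self):
        # … unchanged: open access when webui_username is not configured …
        expected_user = app.config.get('webui_username')
        expected_password = app.config.get('webui_password')
        if expected_password is None:
            # Username configured without a password: reject rather than raise.
            return False
        # Evaluate both comparisons before combining them, so a wrong
        # username does not skip the password comparison.
        user_ok = hmac.compare_digest(
            self.id.encode('utf-8'), expected_user.encode('utf-8'))
        password_ok = hmac.compare_digest(
            self.password.encode('utf-8'), expected_password.encode('utf-8'))
        return user_ok and password_ok
```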