diff --git a/app/models/User.js b/app/models/User.js
index 110b4cb..64a46ff 100644
--- a/app/models/User.js
+++ b/app/models/User.js
@@ -1,7 +1,8 @@
-var mongoose = require('mongoose');
-var passportLocalMongoose = require('passport-local-mongoose');
+const mongoose = require('mongoose');
+const passportLocalMongoose = require('passport-local-mongoose');
+const config = require('config');
 
-var UserSchema = mongoose.Schema({
+const UserSchema = mongoose.Schema({
     username: {
         type: String,
         unique: true,
@@ -36,8 +37,8 @@ var UserSchema = mongoose.Schema({
 });
 
 UserSchema.plugin(passportLocalMongoose, {
-    saltlen: 64,
-    iterations: 10000,
+    saltlen: config.get('User.Password.saltLength'),
+    iterations: config.get('User.Password.hashIterations'),
     limitAttempts: true
 });
 
diff --git a/config/default.json b/config/default.json
index ba3c732..6065cc2 100644
--- a/config/default.json
+++ b/config/default.json
@@ -22,6 +22,10 @@
     "Username": {
       "maxLength": 36,
       "restrictedChars": "\\s"
+    },
+    "Password": {
+      "saltLength": 64,
+      "hashIterations": 25000
     }
   },
   "Log": {
diff --git a/config/test.json b/config/test.json
index 2322393..26fb1e4 100644
--- a/config/test.json
+++ b/config/test.json
@@ -11,5 +11,11 @@
   },
   "Log": {
     "httpLevel": "dev"
+  },
+  "User": {
+    "Password": {
+      "saltLength": 8,
+      "hashIterations": 1
+    }
   }
 }
\ No newline at end of file