diff --git a/bookwyrm/views/login.py b/bookwyrm/views/login.py
index b213590fb..1ca65f2ff 100644
--- a/bookwyrm/views/login.py
+++ b/bookwyrm/views/login.py
@@ -6,8 +6,9 @@ from django.template.response import TemplateResponse
 from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.utils.translation import gettext_lazy as _
-from django.views.decorators.csrf import csrf_exempt
 from django.views import View
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters
 
 from bookwyrm import forms, models
 from bookwyrm.settings import DOMAIN
@@ -30,6 +31,8 @@ class Login(View):
         }
         return TemplateResponse(request, "login.html", data)
 
+    @sensitive_variables("password")
+    @sensitive_post_parameters("password")
     def post(self, request):
         """authentication action"""
         if request.user.is_authenticated:
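Review bot: `@sensitive_post_parameters("password")` is applied directly to the method `post(self, request)`, so its wrapper receives the view instance as its first argument instead of the `HttpRequest`; Django's wrapper type-checks that argument and rejects anything else, which would make login POSTs fail rather than be filtered. Adapt it for method use with `@method_decorator(sensitive_post_parameters("password"))`, keeping `@sensitive_variables("password")` as the outermost decorator. `method_decorator` is already imported in login.py; the identical pair on `Register.post` in register.py needs the same change, and the import lines visible there do not show `method_decorator`, so it may have to be imported. Separately, `sensitive_variables("password")` masks only a local named `password` in error reports; the body of `post` continues outside the hunk, so confirm that no other local (a bound form object, for example) still holds the raw value.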
diff --git a/bookwyrm/views/register.py b/bookwyrm/views/register.py
index 334b29687..1ffa16ec6 100644
--- a/bookwyrm/views/register.py
+++ b/bookwyrm/views/register.py
@@ -3,8 +3,9 @@ from django.contrib.auth import login
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404, redirect
 from django.template.response import TemplateResponse
-from django.views.decorators.http import require_POST
 from django.views import View
+from django.views.decorators.http import require_POST
+from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters
 
 from bookwyrm import emailing, forms, models
 from bookwyrm.settings import DOMAIN
@@ -14,6 +15,8 @@ from bookwyrm.settings import DOMAIN
 class Register(View):
     """register a user"""
 
+    @sensitive_variables("password")
+    @sensitive_post_parameters("password")
     def post(self, request):
         """join the server"""
         settings = models.SiteSettings.get()