diff --git a/defaults/main.yml b/defaults/main.yml
index b3494829..0d067081 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -148,7 +148,7 @@ postgresql_client_connection_check_interval: 0            # (>= 14)
 # - Authentication -
 
 postgresql_authentication_timeout: 60s
-postgresql_password_encryption: "{{ 'md5' if postgresql_version is version_compare('10', '>=') else 'on' }}" # (>=10.0 set to scram-sha-256 for best security)
+postgresql_password_encryption: "{{ 'scram-sha-256' if postgresql_version is version_compare('14', '>=') else 'md5' }}" # (>=14.0 set to scram-sha-256 for best security)
 postgresql_db_user_namespace: off
 
 # GSSAPI using Kerberos
diff --git a/vars/postgresql_14.yml b/vars/postgresql_14.yml
index cfde9ce6..e8a3b4a8 100644
--- a/vars/postgresql_14.yml
+++ b/vars/postgresql_14.yml
@@ -1,4 +1,3 @@
 ---
 # PostgreSQL vars for v14
 postgresql_client_connection_check_interval: 60
-postgresql_password_encryption: md5