diff --git a/src/Auth/Source/Hash.php b/src/Auth/Source/Hash.php
index 037e9aa..0c44d77 100644
--- a/src/Auth/Source/Hash.php
+++ b/src/Auth/Source/Hash.php
@@ -91,8 +91,11 @@ public function __construct(array $info, array $config)
      *
      * @throws \SimpleSAML\Error\Error if authentication fails.
      */
-    protected function login(string $username, string $password): array
-    {
+    protected function login(
+        string $username,
+        #[\SensitiveParameter]
+        string $password,
+    ): array {
         $cryptoUtils = new Utils\Crypto();
         foreach ($this->users as $userpass => $attrs) {
             $matches = explode(':', $userpass, 2);
diff --git a/src/Auth/Source/Htpasswd.php b/src/Auth/Source/Htpasswd.php
index fe9b64f..0d329d7 100644
--- a/src/Auth/Source/Htpasswd.php
+++ b/src/Auth/Source/Htpasswd.php
@@ -85,8 +85,11 @@ public function __construct(array $info, array $config)
      *
      * @throws \SimpleSAML\Error\Error if authentication fails.
      */
-    protected function login(string $username, string $password): array
-    {
+    protected function login(
+        string $username,
+        #[\SensitiveParameter]
+        string $password,
+    ): array {
         $cryptoUtils = new Utils\Crypto();
         foreach ($this->users as $userpass) {
             $matches = explode(':', $userpass, 2);