diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 5508c9f0..105e0bb6 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -1,4 +1,5 @@
-import random
+import secrets
+import string
 
 import facebook
 import google.oauth2.credentials
@@ -102,7 +103,7 @@ def auth_register():
     Session.flush()
 
     # create activation code
-    code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+    code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
     AccountActivation.create(user_id=user.id, code=code)
     Session.commit()
 
@@ -195,7 +196,7 @@ def auth_reactivate():
         Session.commit()
 
     # create activation code
-    code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+    code = "".join([str(secrets.choice(string.digits)) for _ in range(6)])
     AccountActivation.create(user_id=user.id, code=code)
     Session.commit()
 
diff --git a/app/utils.py b/app/utils.py
index 71a87232..38fc96d6 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -1,4 +1,4 @@
-import random
+import secrets
 import string
 import time
 import urllib.parse
@@ -16,7 +16,7 @@ with open(WORDS_FILE_PATH) as f:
 
 
 def random_word():
-    return random.choice(_words)
+    return secrets.choice(_words)
 
 
 def word_exist(word):
@@ -27,7 +27,7 @@ def random_words():
     """Generate a random words. Used to generate user-facing string, for ex email addresses"""
     # nb_words = random.randint(2, 3)
     nb_words = 2
-    return "_".join([random.choice(_words) for i in range(nb_words)])
+    return "_".join([secrets.choice(_words) for i in range(nb_words)])
 
 
 def random_string(length=10, include_digits=False):
@@ -36,7 +36,7 @@ def random_string(length=10, include_digits=False):
     if include_digits:
         letters += string.digits
 
-    return "".join(random.choice(letters) for _ in range(length))
+    return "".join(secrets.choice(letters) for _ in range(length))
 
 
 def convert_to_id(s: str):