diff --git a/backend/auth_passwords.py b/backend/auth_passwords.py
index befa92b..39839a6 100644
--- a/backend/auth_passwords.py
+++ b/backend/auth_passwords.py
@@ -4,7 +4,6 @@ Kept separate from portal_auth (cookie signing) so the future operator auth can reuse the same hasher. Never store or log raw passwords."""
 import secrets
 from argon2 import PasswordHasher
-from argon2.exceptions import VerifyMismatchError, VerificationError, InvalidHashError
 _ph = PasswordHasher()
@@ -18,7 +17,7 @@ def verify_password(raw: str, hashed: str) -> bool:
 """True iff raw matches the stored hash. Never raises."""
 try:
 return _ph.verify(hashed, raw)
- except (VerifyMismatchError, VerificationError, InvalidHashError, Exception):
+ except Exception: # argon2 raises on mismatch/garbage; treat all as "no match"
 return False
diff --git a/tests/test_auth_passwords.py b/tests/test_auth_passwords.py
index 2575a79..e2786d8 100644
--- a/tests/test_auth_passwords.py
+++ b/tests/test_auth_passwords.py
@@ -1,4 +1,3 @@
-import pytest
 from backend.auth_passwords import hash_password, verify_password, generate_password
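Review bot: The new `except Exception:` in `verify_password` still reports every failure as a wrong password, so a corrupted or tampered stored hash (`InvalidHashError`), a non-string argument, or a failing argon2 backend is indistinguishable from a mismatch and leaves no trace for operators. The removed tuple was redundant because `Exception` already covered it, but this cleanup is the natural place to separate the expected path from the unexpected one: keep `VerifyMismatchError` imported and silent, and log only the exception type for anything else, never the password, the hash or the exception message. The "Never raises" contract is preserved by the sketch below. It assumes a module-level logger, written here as `_log`, which the hunk does not show; the `def` line is visible only in the hunk header.

```python
    try:
        return _ph.verify(hashed, raw)
    except VerifyMismatchError:
        # expected path: the password does not match
        return False
    except Exception as exc:
        # unexpected: malformed stored hash, bad argument type, backend failure
        _log.warning("password verification error: %s", type(exc).__name__)
        return False
```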