diff --git a/packages/electron-app/electron/main/ipc.ts b/packages/electron-app/electron/main/ipc.ts
index 1d15fd3..eaaac3d 100644
--- a/packages/electron-app/electron/main/ipc.ts
+++ b/packages/electron-app/electron/main/ipc.ts
@@ -71,7 +71,9 @@ export function setupCliIPC(mainWindow: BrowserWindow, cliManager: CliProcessMan
     return user
   })
   ipcMain.handle("users:login", async (_, payload: { id: string; password?: string }) => {
+    console.log("[IPC:users:login] Attempting login for:", payload.id, "password length:", payload.password?.length)
     const ok = verifyPassword(payload.id, payload.password ?? "")
+    console.log("[IPC:users:login] verifyPassword result:", ok)
     if (!ok) {
       return { success: false }
     }
diff --git a/packages/electron-app/electron/main/user-store.ts b/packages/electron-app/electron/main/user-store.ts
index bc4ec53..4549d1b 100644
--- a/packages/electron-app/electron/main/user-store.ts
+++ b/packages/electron-app/electron/main/user-store.ts
@@ -276,10 +276,19 @@ export function deleteUser(userId: string) {
 export function verifyPassword(userId: string, password: string): boolean {
   const store = readStore()
   const user = store.users.find((u) => u.id === userId)
-  if (!user) return false
+  if (!user) {
+    console.log("[verifyPassword] User not found:", userId)
+    return false
+  }
   if (user.isGuest) return true
-  if (!user.salt || !user.passwordHash) return false
-  return hashPassword(password, user.salt) === user.passwordHash
+  if (!user.salt || !user.passwordHash) {
+    console.log("[verifyPassword] No salt or hash for user:", userId)
+    return false
+  }
+  const computed = hashPassword(password, user.salt)
+  const matches = computed === user.passwordHash
+  console.log("[verifyPassword] userId:", userId, "computed:", computed, "stored:", user.passwordHash, "matches:", matches)
+  return matches
 }
 
 export function getUserDataRoot(userId: string) {