diff --git a/internal/handlers/api.go b/internal/handlers/api.go
index 690de49..9859257 100644
--- a/internal/handlers/api.go
+++ b/internal/handlers/api.go
@@ -2,6 +2,7 @@ package handlers
 import (
 "context"
+ "crypto/subtle"
 "encoding/json"
 "fmt"
 "net"
@@ -2822,7 +2823,8 @@ func (hdlr *Handlers) handleOper(
 cfgPass := hdlr.params.Config.OperPassword
 if cfgName == "" || cfgPass == "" ||
- operName != cfgName || operPass != cfgPass {
+ subtle.ConstantTimeCompare([]byte(operName), []byte(cfgName)) != 1 ||
+ subtle.ConstantTimeCompare([]byte(operPass), []byte(cfgPass)) != 1 {
 hdlr.enqueueNumeric(
 ctx, clientID, irc.ErrNoOperHost, nick, nil, "No O-lines for your host",
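Review bot: The two `subtle.ConstantTimeCompare` calls in the `if` condition of handleOper are still joined by `||`, so the password comparison is skipped whenever the oper name does not match, and timing can still tell a wrong name from a wrong password. Evaluate both unconditionally and combine the results: `nameOK := subtle.ConstantTimeCompare([]byte(operName), []byte(cfgName))`, `passOK := subtle.ConstantTimeCompare([]byte(operPass), []byte(cfgPass))`, then `if cfgName == "" || cfgPass == "" || nameOK&passOK != 1 {`. `ConstantTimeCompare` also returns 0 immediately when the two slices differ in length, so the length of the configured name and password remains observable; comparing fixed-length digests of both sides (for example SHA-256) would close that, at the cost of a `crypto/sha256` import. handleOper starts and ends outside this hunk, so whether failed OPER attempts are rate-limited or logged cannot be judged from here.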