diff --git a/axes/helpers.py b/axes/helpers.py
index e85c8d7..577112f 100644
--- a/axes/helpers.py
+++ b/axes/helpers.py
@@ -1,5 +1,5 @@
 from datetime import timedelta
-from hashlib import md5
+from hashlib import sha256
 from logging import getLogger
 from string import Template
 from typing import Callable, Optional, Type, Union
@@ -214,7 +214,7 @@ def make_cache_key_list(filter_kwargs_list):
 cache_key_components = "".join(
 value for value in filter_kwargs.values() if value
 )
- cache_key_digest = md5(cache_key_components.encode()).hexdigest()
+ cache_key_digest = sha256(cache_key_components.encode()).hexdigest()
 cache_keys.append(f"axes-{cache_key_digest}")
 return cache_keys
diff --git a/tests/settings.py b/tests/settings.py
index 43de0b4..949aad8 100644
--- a/tests/settings.py
+++ b/tests/settings.py
@@ -24,6 +24,9 @@ AUTHENTICATION_BACKENDS = [
 "django.contrib.auth.backends.ModelBackend",
 ]
+# Use MD5 for tests as it is considerably faster than other options
+# note that this should never be used in any online setting
+# where users actually log in to the system due to easy exploitability
 PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"]
 ROOT_URLCONF = "tests.urls"
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
index f17bee0..30a216d 100644
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -1,5 +1,5 @@
 from datetime import timedelta
-from hashlib import md5
+from hashlib import sha256
 from unittest.mock import patch
 from django.contrib.auth import get_user_model
@@ -353,7 +353,7 @@ class ClientCacheKeyTestCase(AxesTestCase):
 Test the cache key format.
 """
- cache_hash_digest = md5(self.ip_address.encode()).hexdigest()
+ cache_hash_digest = sha256(self.ip_address.encode()).hexdigest()
 cache_hash_key = f"axes-{cache_hash_digest}"
 # Getting cache key from request
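Review bot: In the `@@ -214,7 +214,7 @@` hunk of axes/helpers.py the digest input is still built with `"".join(...)` over the non-empty values, with no separator, so different combinations of filter values that concatenate to the same string share one `axes-…` key regardless of the hash; joining on a character that cannot occur in the values, or hashing a length-prefixed encoding, would remove the ambiguity. The switch to `sha256` also renames every key, so for deployments that keep attempts in the cache, counters written under the MD5-based names will presumably no longer be found after the upgrade and running lockouts start over; that is worth a changelog entry and a comment above the changed line such as `# key names changed from md5 to sha256 digests; entries cached by older releases are not read`. The loop around these lines and the start of make_cache_key_list are outside the hunk.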
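Review bot: The comment added above `PASSWORD_HASHERS` in tests/settings.py gives "easy exploitability" as the reason without saying what is weak, and it reads as one run-on sentence across three lines. I would word it as `# Test-only: the MD5 hasher is used because it is fast.` followed by `# Never configure it where real users log in; a hash this cheap to compute is cheap to guess offline if the stored hashes leak.` so the next reader knows the risk is offline guessing of stored password hashes.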
@@ -385,7 +385,7 @@ class ClientCacheKeyTestCase(AxesTestCase):
 empty_ip_address = ""
- cache_hash_digest = md5(empty_ip_address.encode()).hexdigest()
+ cache_hash_digest = sha256(empty_ip_address.encode()).hexdigest()
 cache_hash_key = f"axes-{cache_hash_digest}"
 # Getting cache key from request
@@ -418,7 +418,7 @@ class ClientCacheKeyTestCase(AxesTestCase):
 """
 ip_address = self.ip_address
- cache_hash_digest = md5(ip_address.encode()).hexdigest()
+ cache_hash_digest = sha256(ip_address.encode()).hexdigest()
 cache_hash_key = f"axes-{cache_hash_digest}"
 # Getting cache key from request
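Review bot: In the `@@ -385,7 +385,7 @@` hunk the expected key is the digest of the empty string, which appears to pin the behaviour that every request with an empty address maps to the same `axes-…` key and therefore to one shared failure counter. If that is intended, the test should say so next to `empty_ip_address = ""`, for example `# all clients with an empty IP share this one key by design`. The test method starts and ends outside the hunk, so the assertion itself is not visible here.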