diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index e568deb9..228bb253 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -83,7 +83,7 @@ DEFAULT_CONFIG = {
 'SESSION_TIMEOUT': 3600,
 'PERMANENT_SESSION_LIFETIME': 30*24*3600,
 'SESSION_COOKIE_SECURE': None,
- 'CREDENTIAL_ROUNDS': 12,
+ 'CREDENTIAL_ROUNDS': 13,
 'TLS_PERMISSIVE': True,
 'TZ': 'Etc/UTC',
 'DEFAULT_SPAM_THRESHOLD': 80,
diff --git a/docs/configuration.rst b/docs/configuration.rst
index b4b687b1..0d9f9b3a 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -221,7 +221,7 @@ The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
-The ``CREDENTIAL_ROUNDS`` (default: 12) setting is the number of rounds used by the
+The ``CREDENTIAL_ROUNDS`` (default: 13) setting is the number of rounds used by the
 password hashing scheme. The number of rounds can be reduced in case faster authentication is needed or increased when additional protection is desired. Keep in mind that this is a mitigation against offline attacks on password hashes,
diff --git a/towncrier/newsfragments/1753.feature b/towncrier/newsfragments/1753.feature
new file mode 100644
index 00000000..58143bae
--- /dev/null
+++ b/towncrier/newsfragments/1753.feature
@@ -0,0 +1 @@
+Bump CREDENTIAL_ROUNDS to 13. If your system is too slow you may want to revert back to 12.
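Review bot: The new default at `'CREDENTIAL_ROUNDS': 13,` in DEFAULT_CONFIG can only govern hashes written after the upgrade, and nothing in this diff shows hashes already stored at 12 rounds being re-hashed. It is worth confirming that the verification path upgrades a stored hash on successful login when its cost is below the configured value, otherwise existing accounts keep the weaker setting indefinitely. The cost also applies to every failed login attempt, so the authentication rate limits should be checked against the slower hash; if the scheme uses a log2 cost factor (not visible here), 13 roughly doubles verification time. A comment on the entry would help operators who tune it, for example `# work factor for password hashing; raising it slows every login and only affects newly written hashes`. DEFAULT_CONFIG starts and ends outside the hunk.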