diff --git a/flask_security/utils.py b/flask_security/utils.py
index c0935e6..eb95c50 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -85,19 +85,27 @@ def get_hmac(msg, salt=None, digestmod=None):
     return base64.b64encode(hmac.new(salt, msg, digestmod).digest())
-def verify_password(password, password_hash, salt=None, use_hmac=None):
-    salt = salt or _security.password_salt
+def verify_password(password, password_hash, use_hmac=None):
     if use_hmac is None:
         use_hmac = _security.password_hmac
-    hmac_value = get_hmac(password, salt) if use_hmac else password
+
+    if use_hmac:
+        hmac_value = get_hmac(password, _security.password_hmac_salt)
+    else:
+        hmac_value = password
+
     return _pwd_context.verify(hmac_value, password_hash)
 def encrypt_password(password, salt=None, use_hmac=None):
-    salt = salt or _security.password_salt
     if use_hmac is None:
         use_hmac = _security.password_hmac
-    hmac_value = get_hmac(password, salt) if use_hmac else password
+
+    if use_hmac:
+        hmac_value = get_hmac(password, _security.password_hmac_salt)
+    else:
+        hmac_value = password
+
     return _pwd_context.encrypt(hmac_value)
diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index 6adcc84..2a06885 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -203,7 +203,7 @@ class ConfiguredSecurityTests(SecurityTest):
     AUTH_CONFIG = {
         'SECURITY_PASSWORD_HASH': 'bcrypt',
-        'SECURITY_PASSWORD_SALT': 'so-salty',
+        'SECURITY_PASSWORD_HMAC_SALT': 'so-salty',
         'SECURITY_PASSWORD_HMAC': True,
         'SECURITY_REGISTERABLE': True,
         'SECURITY_AUTH_URL': '/custom_auth',
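Review bot: `encrypt_password` keeps its `salt=None` parameter but the new body never reads it, so a caller that passes a salt silently gets a hash computed with `_security.password_hmac_salt` instead; `verify_password` in the same hunk drops the parameter, and the two signatures should agree. Either remove it — `def encrypt_password(password, use_hmac=None):` — or, if it must stay for backward compatibility, reject a non-None value so a hash produced under a caller-supplied salt cannot later fail verification without explanation. The identical `if use_hmac:` block now appears in both functions; a small private helper such as `_hmac_value(password, use_hmac)` would keep the two paths from drifting, which matters here because any divergence means stored hashes stop verifying. The hunk's first context line is the tail of `get_hmac`, whose definition starts above the hunk.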