diff --git a/development.ini b/development.ini
index 771602d..0d32a06 100644
--- a/development.ini
+++ b/development.ini
@@ -21,7 +21,7 @@ retry.attempts = 3
 # passlib settings
 # setup the context to support only argon2 for the moment
-passlib.schemes = argon2, bcrypt
+passlib.schemes = argon2 bcrypt
 # default encryption scheme is argon2
 passlib.default = argon2
 # flag every encryption method as deprecated except the first one
diff --git a/ordr/__init__.py b/ordr/__init__.py
index c4b73e9..bce273c 100644
--- a/ordr/__init__.py
+++ b/ordr/__init__.py
@@ -11,6 +11,7 @@ def main(global_config, **settings):
 config.include('pyramid_jinja2')
 config.include('.models')
 config.include('.resources')
+ config.include('.security')
 config.add_static_view('static', 'static', cache_max_age=3600)
 config.scan()
 return config.make_wsgi_app()
diff --git a/ordr/security.py b/ordr/security.py
index 0b48234..2545697 100644
--- a/ordr/security.py
+++ b/ordr/security.py
@@ -1,5 +1,5 @@
 from passlib.context import CryptContext
-from pyramid.settings import aslist, asbool
+from pyramid.settings import aslist
 password_context = CryptContext()
@@ -16,10 +16,15 @@ def crypt_context_settings_to_string(settings, prefix='passlib.'):
 context settings is quite a task. Since passlib has a context parser included, this seems the most reliable way to do it.
 '''
+ as_list_keys = {'schemes', 'deprecated'}
 config_lines = ['[passlib]']
 for ini_key, value in settings.items():
 if ini_key.startswith(prefix):
- context_key = ini_key.replace(prefix, '')
+ context_key = ini_key.replace(prefix, '')
+ # the pyramid .ini format is different on lists
+ # than the .ini format used by passlib.
+ if context_key in as_list_keys and ',' not in value:
+ value = ','.join(aslist(value))
 config_lines.append(f'{context_key} = {value}')
 return '\n'.join(config_lines)
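Review bot: The comment directly above `passlib.schemes` still says the context supports only argon2, while the new value keeps bcrypt enabled as a second scheme. This line decides which hash formats are accepted, so I would reword the comment to match, e.g. `# accept argon2 and bcrypt hashes; argon2 is the default for new passwords`. The space-separated form also depends on the converter in ordr/security.py rewriting it for passlib, so a test that loads this file and checks the resulting scheme list would pin that coupling.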
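Review bot: The list conversion in `crypt_context_settings_to_string` runs only when the value has no comma, so a value that mixes both separators or spans several lines is written into the generated `[passlib]` text unchanged, line breaks included. `schemes` and `deprecated` decide which hashes verify and which are flagged as deprecated, so I would normalise both forms unconditionally (assuming string values, as from the .ini): `if context_key in as_list_keys:` followed by `value = ','.join(aslist(value.replace(',', ' ')))`. Separately, `ini_key.replace(prefix, '')` removes every occurrence of the prefix, not just the leading one; `ini_key[len(prefix):]` is the exact operation after the `startswith` check. The function starts above this hunk, so its docstring may also need a sentence on the accepted list formats.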