diff --git a/postgres-protocol/Cargo.toml b/postgres-protocol/Cargo.toml
index 2a72cc60..922e9231 100644
--- a/postgres-protocol/Cargo.toml
+++ b/postgres-protocol/Cargo.toml
@@ -9,7 +9,7 @@ repository = "https://github.com/sfackler/rust-postgres"
 readme = "../README.md"
 
 [dependencies]
-base64 = "0.20"
+base64 = "0.21"
 byteorder = "1.0"
 bytes = "1.0"
 fallible-iterator = "0.2"
diff --git a/postgres-protocol/src/authentication/sasl.rs b/postgres-protocol/src/authentication/sasl.rs
index ea2f55ca..2352a66c 100644
--- a/postgres-protocol/src/authentication/sasl.rs
+++ b/postgres-protocol/src/authentication/sasl.rs
@@ -1,5 +1,8 @@
 //! SASL-based authentication support.
 
+use base64::display::Base64Display;
+use base64::engine::general_purpose::STANDARD;
+use base64::Engine;
 use hmac::{Hmac, Mac};
 use rand::{self, Rng};
 use sha2::digest::FixedOutput;
@@ -189,7 +192,7 @@ impl ScramSha256 {
             return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid nonce"));
         }
 
-        let salt = match base64::decode(parsed.salt) {
+        let salt = match STANDARD.decode(parsed.salt) {
             Ok(salt) => salt,
             Err(e) => return Err(io::Error::new(io::ErrorKind::InvalidInput, e)),
         };
@@ -208,7 +211,7 @@ impl ScramSha256 {
         let mut cbind_input = vec![];
         cbind_input.extend(channel_binding.gs2_header().as_bytes());
         cbind_input.extend(channel_binding.cbind_data());
-        let cbind_input = base64::encode(&cbind_input);
+        let cbind_input = STANDARD.encode(&cbind_input);
 
         self.message.clear();
         write!(&mut self.message, "c={},r={}", cbind_input, parsed.nonce).unwrap();
@@ -225,7 +228,12 @@ impl ScramSha256 {
             *proof ^= signature;
         }
 
-        write!(&mut self.message, ",p={}", base64::encode(&*client_proof)).unwrap();
+        write!(
+            &mut self.message,
+            ",p={}",
+            Base64Display::new(&client_proof, &STANDARD)
+        )
+        .unwrap();
 
         self.state = State::Finish {
             salted_password,
@@ -262,7 +270,7 @@ impl ScramSha256 {
             ServerFinalMessage::Verifier(verifier) => verifier,
         };
 
-        let verifier = match base64::decode(verifier) {
+        let verifier = match STANDARD.decode(verifier) {
             Ok(verifier) => verifier,
             Err(e) => return Err(io::Error::new(io::ErrorKind::InvalidInput, e)),
         };
diff --git a/postgres-protocol/src/password/mod.rs b/postgres-protocol/src/password/mod.rs
index a60687bb..f03bb811 100644
--- a/postgres-protocol/src/password/mod.rs
+++ b/postgres-protocol/src/password/mod.rs
@@ -7,6 +7,8 @@
 //! end up in logs pg_stat displays, etc.
 
 use crate::authentication::sasl;
+use base64::display::Base64Display;
+use base64::engine::general_purpose::STANDARD;
 use hmac::{Hmac, Mac};
 use md5::Md5;
 use rand::RngCore;
@@ -80,9 +82,9 @@ pub(crate) fn scram_sha_256_salt(password: &[u8], salt: [u8; SCRAM_DEFAULT_SALT_
     format!(
         "SCRAM-SHA-256${}:{}${}:{}",
         SCRAM_DEFAULT_ITERATIONS,
-        base64::encode(salt),
-        base64::encode(stored_key),
-        base64::encode(server_key)
+        Base64Display::new(&salt, &STANDARD),
+        Base64Display::new(&stored_key, &STANDARD),
+        Base64Display::new(&server_key, &STANDARD)
     )
 }