diff --git a/client/src/events.js b/client/src/events.js
index b5e37746..fd657c28 100644
--- a/client/src/events.js
+++ b/client/src/events.js
@@ -66,6 +66,7 @@ function registerEvents(registry, events) {
         const PASSWORD_INPUT = '<input className="input" type="password" placeholder="password" />';
         const LOGIN_BUTTON = '<button type="submit">Login</button>';
         const REGISTER_BUTTON = '<button type="submit">Register</button>';
+        const DEMO_BUTTON = '<button type="submit">Demo</button>';
 
         const ws = registry.get('ws');
 
@@ -81,6 +82,10 @@ function registerEvents(registry, events) {
             ws.sendAccountCreate(USERNAME, PASSWORD);
         }
 
+        function submitDemo() {
+            ws.sendAccountDemo();
+        }
+
         const existing = document.querySelector('#login'); // Selector of your toast
         if (existing) toast.hide({}, existing, 'reconnect');
 
@@ -101,6 +106,7 @@ function registerEvents(registry, events) {
             buttons: [
                 [LOGIN_BUTTON, submitLogin], // true to focus
                 [REGISTER_BUTTON, submitRegister], // true to focus
+                [DEMO_BUTTON, submitDemo], // true to focus
             ],
         });
 
diff --git a/client/src/socket.js b/client/src/socket.js
index c6b42b79..87bd85bc 100644
--- a/client/src/socket.js
+++ b/client/src/socket.js
@@ -36,6 +36,10 @@ function createSocket(events) {
         send({ method: 'account_create', params: { name, password } });
     }
 
+    function sendAccountDemo() {
+        send({ method: 'account_demo', params: {} });
+    }
+
     function sendAccountCryps() {
         send({ method: 'account_cryps', params: {} });
     }
@@ -186,7 +190,7 @@ function createSocket(events) {
 
             if (!account) events.loginPrompt();
             if (process.env.NODE_ENV !== 'production') {
-                send({ method: 'account_login', params: { name: 'ntr', password: 'grepgrepgrep' } });
+                // send({ method: 'account_login', params: { name: 'ntr', password: 'grepgrepgrep' } });
             }
 
             return true;
@@ -216,6 +220,7 @@ function createSocket(events) {
     return {
         sendAccountLogin,
         sendAccountCreate,
+        sendAccountDemo,
         sendAccountCryps,
         sendAccountItems,
         sendGameState,
diff --git a/server/src/account.rs b/server/src/account.rs
index dda3537f..6b66d1d1 100644
--- a/server/src/account.rs
+++ b/server/src/account.rs
@@ -65,7 +65,9 @@ pub fn account_create(params: AccountCreateParams, tx: &mut Transaction) -> Resu
     if params.password.len() < PASSWORD_MIN_LEN {
         return Err(err_msg("password must be at least 12 characters"));
     }
-    let password = hash(&params.password, 4)?;
+
+    let rounds = 8;
+    let password = hash(&params.password, rounds)?;
 
     let mut rng = thread_rng();
     let token: String = iter::repeat(())
diff --git a/server/src/rpc.rs b/server/src/rpc.rs
index e8954b39..b636ec6f 100644
--- a/server/src/rpc.rs
+++ b/server/src/rpc.rs
@@ -4,6 +4,11 @@ use tungstenite::Message::Binary;
 use postgres::transaction::Transaction;
 use std::net::{TcpStream};
 
+// demo
+use std::iter;
+use rand::{thread_rng, Rng};
+use rand::distributions::Alphanumeric;
+
 use serde_cbor::{from_slice, to_vec};
 use uuid::Uuid;
 use failure::Error;
@@ -38,6 +43,7 @@ impl Rpc {
                 match v.method.as_ref() {
                     "account_create" => (),
                     "account_login"  => (),
+                    "account_demo"  => (),
                     _ => match account {
                         Some(_) => (),
                         None => return Err(err_msg("auth required")),
@@ -50,6 +56,7 @@ impl Rpc {
                     // no auth methods
                     "account_create" => Rpc::account_create(data, &mut tx, client),
                     "account_login" => Rpc::account_login(data, &mut tx, client),
+                    "account_demo" => Rpc::account_demo(data, &mut tx, client),
 
                     // auth methods
                     "cryp_spawn" => Rpc::cryp_spawn(data, &mut tx, account.unwrap(), client),
@@ -251,6 +258,43 @@ impl Rpc {
         }
     }
 
+    fn account_demo(_data: Vec<u8>, tx: &mut Transaction, _client: &mut WebSocket<TcpStream>) -> Result<RpcResponse, Error> {
+        let mut rng = thread_rng();
+
+        let acc_name: String = iter::repeat(())
+            .map(|()| rng.sample(Alphanumeric))
+            .take(8)
+            .collect();
+
+        let account = account_create(AccountCreateParams { name: acc_name, password: "grepgrepgrep".to_string() }, tx)?;
+
+        let name: String = iter::repeat(()).map(|()| rng.sample(Alphanumeric)).take(8).collect();
+        let cryp = cryp_spawn(CrypSpawnParams { name }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Block }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Stun }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Throw }, tx, &account)?;
+
+        let name: String = iter::repeat(()).map(|()| rng.sample(Alphanumeric)).take(8).collect();
+        let cryp = cryp_spawn(CrypSpawnParams { name }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Decay }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Blast }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Drain }, tx, &account)?;
+
+        let name: String = iter::repeat(()).map(|()| rng.sample(Alphanumeric)).take(8).collect();
+        let cryp = cryp_spawn(CrypSpawnParams { name }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Triage }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Heal }, tx, &account)?;
+        cryp_learn(CrypLearnParams { id: cryp.id, skill: Skill::Purify }, tx, &account)?;
+
+        let res = RpcResponse {
+            method: "account_create".to_string(),
+            params: RpcResult::Account(account),
+        };
+
+        return Ok(res);
+    }
+
+
     fn account_cryps(_data: Vec<u8>, tx: &mut Transaction, account: Account, _client: &mut WebSocket<TcpStream>) -> Result<RpcResponse, Error> {
         Ok(RpcResponse {
             method: "account_cryps".to_string(),