diff --git a/server/internal/core/user/auth.go b/server/internal/core/user/auth.go
index 6e260a1d..d4f16201 100644
--- a/server/internal/core/user/auth.go
+++ b/server/internal/core/user/auth.go
@@ -28,6 +28,8 @@ func (m manager) VerifyUserPassword(email, password string) (User, error) {
 			return User{}, ErrCredentialsInvalid
 		}
 		return User{}, err
+	} else if user.PasswordHash == "" {
+		return User{}, ErrCredentialsInvalid
 	} else {
 		if b, err := crypt.VerifyPassword(password, user.PasswordHash); err != nil {
 			return User{}, err