diff --git a/app/services/backup_code_generator.rb b/app/services/backup_code_generator.rb
index bfb9fab8b69..c893756cfd3 100644
--- a/app/services/backup_code_generator.rb
+++ b/app/services/backup_code_generator.rb
@@ -24,6 +24,7 @@ def create
 # @return [Boolean]
 def verify(plaintext_code)
+ return false unless plaintext_code.present?
 backup_code = RandomPhrase.normalize(plaintext_code)
 code = BackupCodeConfiguration.find_with_code(code: backup_code, user_id: @user.id)
 return false unless code_usable?(code)
diff --git a/spec/services/backup_code_generator_spec.rb b/spec/services/backup_code_generator_spec.rb
index eedff1cf59f..0ab443c2f26 100644
--- a/spec/services/backup_code_generator_spec.rb
+++ b/spec/services/backup_code_generator_spec.rb
@@ -31,6 +31,11 @@
 expect(success).to eq false
 end
+ it 'should reject nil codes' do
+ success = generator.verify(nil)
+ expect(success).to eq false
+ end
+
 it 'creates codes with the same salt for that batch' do
 generator.create
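Review bot: The new guard at the top of `verify` in app/services/backup_code_generator.rb rejects only nil and blank values, so a non-String argument (an Array or Hash, which Rails can build from request parameters) is still `present?` and reaches `RandomPhrase.normalize`, whose handling of such input is not visible in this hunk. If callers pass request input through unchanged, `return false unless plaintext_code.is_a?(String) && plaintext_code.present?` would make every malformed submission fail closed with `false` instead of raising. The YARD comment above the method documents only the return value; `# @param plaintext_code [String, nil] backup code as entered by the user` would record that nil is now an accepted input. The body of `verify` continues past the end of the hunk.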
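Review bot: The example added in spec/services/backup_code_generator_spec.rb pins only `nil`, while the guard it exercises uses `present?`, which also rejects empty and whitespace-only strings; those two paths are left untested. Adding `expect(generator.verify('')).to eq false` and `expect(generator.verify('   ')).to eq false` would keep a later rewrite of the guard (for instance to a bare nil check) from silently changing what reaches the lookup. As a style point, the description reads better without the modal verb: `it 'rejects nil codes' do`.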