diff --git a/app/code/Magento/Customer/Model/Authentication.php b/app/code/Magento/Customer/Model/Authentication.php
index 0967f1a0189e3..b0729647d7eec 100644
--- a/app/code/Magento/Customer/Model/Authentication.php
+++ b/app/code/Magento/Customer/Model/Authentication.php
@@ -167,7 +167,7 @@ public function authenticate($customerId, $password)
     {
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
         $hash = $customerSecure->getPasswordHash();
-        if (!$this->encryptor->validateHash($password, $hash)) {
+        if (!$hash || !$this->encryptor->validateHash($password, $hash)) {
             $this->processAuthenticationFailure($customerId);
             if ($this->isLocked($customerId)) {
                 throw new UserLockedException(__('The account is locked.'));