diff --git a/core/admin/assets/assets/app.js b/core/admin/assets/assets/app.js
index 33f63433..12baec4c 100644
--- a/core/admin/assets/assets/app.js
+++ b/core/admin/assets/assets/app.js
@@ -21,6 +21,9 @@ function sha1(string) {
 }
 
 function hibpCheck(pwd) {
+    if (pwd === null || pwd === undefined || pwd.length === 0) {
+	    return;
+    }
     // We hash the pwd first
     sha1(pwd).then(function(hash){
         // We send the first 5 chars of the hash to hibp's API
diff --git a/towncrier/newsfragments/3650.bugfix b/towncrier/newsfragments/3650.bugfix
new file mode 100644
index 00000000..97d9aa8f
--- /dev/null
+++ b/towncrier/newsfragments/3650.bugfix
@@ -0,0 +1 @@
+Don't check empty passwords against HIBP