diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst
index dafbc783dca..b588aeb610e 100644
--- a/security/form_login_setup.rst
+++ b/security/form_login_setup.rst
@@ -244,6 +244,10 @@ a traditional HTML form that submits to ``/login``:
 
         public function checkCredentials($credentials, UserInterface $user)
         {
+            if (empty($credentials['password'])) {
+                throw new CustomUserMessageAuthenticationException('Invalid password.');
+            }
+            
             return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
         }