diff --git a/hc/accounts/tests/test_add_credential.py b/hc/accounts/tests/test_add_credential.py
index f55ab61f..0d726316 100644
--- a/hc/accounts/tests/test_add_credential.py
+++ b/hc/accounts/tests/test_add_credential.py
@@ -80,3 +80,19 @@ class AddCredentialTestCase(BaseTestCase):
         r = self.client.post(self.url, payload)
         self.assertEqual(r.status_code, 400)
+
+    @patch("hc.accounts.views._get_credential_data")
+    def test_it_handles_authentication_failure(self, mock_get_credential_data):
+        mock_get_credential_data.return_value = None
+
+        self.client.login(username="alice@example.org", password="password")
+        self.set_sudo_flag()
+
+        payload = {
+            "name": "My New Key",
+            "client_data_json": "e30=",
+            "attestation_object": "e30=",
+        }
+
+        r = self.client.post(self.url, payload, follow=True)
+        self.assertEqual(r.status_code, 400)
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 354b72c8..701f4be0 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -590,11 +590,14 @@ def _get_credential_data(request, form):
     """
-    auth_data = FIDO2_SERVER.register_complete(
-        request.session["state"],
-        ClientData(form.cleaned_data["client_data_json"]),
-        AttestationObject(form.cleaned_data["attestation_object"]),
-    )
+    try:
+        auth_data = FIDO2_SERVER.register_complete(
+            request.session["state"],
+            ClientData(form.cleaned_data["client_data_json"]),
+            AttestationObject(form.cleaned_data["attestation_object"]),
+        )
+    except ValueError:
+        return None
     return auth_data.credential_data
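Review bot: The new test patches `_get_credential_data` itself and sets `return_value = None`, so the `except ValueError` branch this commit adds in views.py is never executed by it — only the view's handling of a None result is covered. Patching the library object instead, e.g. `@patch("hc.accounts.views.FIDO2_SERVER")` with `mock_server.register_complete.side_effect = ValueError()` in the body, would drive the real failure path through `_get_credential_data` and still assert the 400. The `follow=True` on the post is also unnecessary for a 400 response, since there is no redirect to follow; dropping it keeps the assertion on the direct response.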
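Review bot: The `except ValueError:` that returns None discards the reason `register_complete` rejected the registration (the library reports challenge, origin and attestation mismatches this way), so unless the caller logs it, a tampered or replayed registration attempt leaves no trace for detection. Binding the exception and logging it before returning keeps the narrow catch while preserving the signal, e.g. `except ValueError as e:` followed by `logger.warning("FIDO2 registration failed: %s", e)` — assuming the module has a logger, which this hunk does not show. The same applies to the `except ValueError: return False` in the `_check_credential` hunk below, where a failed assertion is a sign-in failure and is the more important of the two to record. `_get_credential_data`'s signature and docstring start outside the hunk; the docstring should now state that None is returned when the attestation does not verify.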
@@ -677,14 +680,17 @@ def _check_credential(request, form, credentials):
     """
-    FIDO2_SERVER.authenticate_complete(
-        request.session["state"],
-        credentials,
-        form.cleaned_data["credential_id"],
-        ClientData(form.cleaned_data["client_data_json"]),
-        AuthenticatorData(form.cleaned_data["authenticator_data"]),
-        form.cleaned_data["signature"],
-    )
+    try:
+        FIDO2_SERVER.authenticate_complete(
+            request.session["state"],
+            credentials,
+            form.cleaned_data["credential_id"],
+            ClientData(form.cleaned_data["client_data_json"]),
+            AuthenticatorData(form.cleaned_data["authenticator_data"]),
+            form.cleaned_data["signature"],
+        )
+    except ValueError:
+        return False
     return True
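Review bot: The new `try` wraps the `request.session["state"]` and `form.cleaned_data[...]` lookups as well as the library call, but only `ValueError` is caught, so a request that reaches this function without a challenge in the session still raises KeyError and surfaces as a 500 rather than the new `return False`. If that is deliberate a short comment above the `try` saying so would help; otherwise reading `state = request.session.get("state")` before the `try` and returning False when it is None keeps the failure path uniform. `_check_credential`'s signature and docstring start outside the hunk; the docstring should now state that the function returns False when the assertion does not verify and True otherwise.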