diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 71d55f266..3bb264cf6 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -160,7 +160,14 @@ export class UserResolver {
 const loginUser = await loginUserRepository.findByEmail(email).catch(() => {
 throw new Error('No user with this credentials')
 })
- if (!loginUser.emailChecked) throw new Error('user email not validated')
+ if (!loginUser.emailChecked) {
+ // TODO we want to catch this on the frontend and ask the user to check his emails or resend code
+ throw new Error('User email not validated')
+ }
+ if (loginUser.password === BigInt(0)) {
+ // TODO we want to catch this on the frontend and ask the user to check his emails or resend code
+ throw new Error('User has no password set yet')
+ }
 const passwordHash = SecretKeyCryptographyCreateKey(email, password) // return short and long hash
 const loginUserPassword = BigInt(loginUser.password.toString())
 if (loginUserPassword !== passwordHash[0].readBigUInt64LE()) {
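Review bot: The new `loginUser.password === BigInt(0)` guard may never fire: the context line just below normalizes the field with `BigInt(loginUser.password.toString())`, which suggests it is not always a native bigint, and `===` between a bigint and a number or string is always false. Comparing the normalized value would be safer, e.g. `if (BigInt(loginUser.password.toString()) === BigInt(0)) {`. Separately, both new errors are thrown before the password is verified, so any caller who submits an email learns that the account exists and whether it is unverified or has no password set. If the frontend has to distinguish these states as the TODOs say, a stable error code is sturdier than matching the message text, and the mutation should be rate-limited; otherwise fold both cases into the generic credentials error. The enclosing login method starts and ends outside the hunk.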