diff --git a/lib/devise.rb b/lib/devise.rb
index 290fd78a..e02bf50e 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -378,8 +378,7 @@ module Devise
 # constant-time comparison algorithm to prevent timing attacks
 def self.secure_compare(a, b)
- return false unless a.present? && b.present?
- return false unless a.bytesize == b.bytesize
+ return false if a.blank? || b.blank? || a.bytesize != b.bytesize
 l = a.unpack "C#{a.bytesize}"
 res = 0
diff --git a/test/devise_test.rb b/test/devise_test.rb
index d21dbaee..f2e3da93 100644
--- a/test/devise_test.rb
+++ b/test/devise_test.rb
@@ -62,4 +62,14 @@ class DeviseTest < ActiveSupport::TestCase
 assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
 assert defined?(Devise::Models::AuthenticatableAgain)
 end
+
+ test 'should complain when comparing empty or different sized passes' do
+ [nil, ""].each do |empty|
+ assert_not Devise.secure_compare(empty, "something")
+ assert_not Devise.secure_compare("something", empty)
+ assert_not Devise.secure_compare(empty, empty)
+ end
+ assert_not Devise.secure_compare("size_1", "size_four")
+ end
+
 end
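Review bot: The rewritten guard keeps the early return on `a.bytesize != b.bytesize`, so the comparison the comment above calls constant-time is constant-time only for equal-length inputs — a length mismatch is rejected before any byte is compared, which lets timing reveal the length (but nothing else) of the secret side. That is the usual trade-off for this helper and not a regression, but the comment should say so; suggest replacing it with `# Constant-time comparison of equal-length strings (prevents timing attacks on the contents); blank input or a length mismatch is rejected early, so only the length can be inferred from timing.` Note also that ActiveSupport's `String#blank?` is presumably true for whitespace-only values, so a token consisting of spaces can never compare equal — the same as the old `present?` check, but worth stating in the comment if any caller relies on it. secure_compare's body continues past the hunk.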
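Review bot: The new test pins only the rejecting paths; nothing in the hunk asserts that the rewritten guard still lets equal-length, non-blank inputs reach the byte comparison, so a regression that returned false unconditionally would pass this test. Adding `assert Devise.secure_compare("secret", "secret")` and `assert_not Devise.secure_compare("secret", "secreT")` next to the size assertion would cover both the match and the equal-length mismatch. `assert_not` also appears to depend on an ActiveSupport version that provides it — worth confirming against the gem's supported Rails range.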