diff --git a/src/libs/API.js b/src/libs/API.js
index c885298411b0..5fa63cf9dbf4 100644
--- a/src/libs/API.js
+++ b/src/libs/API.js
@@ -221,6 +221,11 @@ function Authenticate(parameters) {
                     case 401:
                         throw new Error('passwordForm.error.incorrectLoginOrPassword');
                     case 402:
+                        // If too few characters are passed as the password, the WAF will pass it to the API as an empty
+                        // string, which results in a 402 error from Auth.
+                        if (response.message === '402 Missing partnerUserSecret') {
+                            throw new Error('passwordForm.error.incorrectLoginOrPassword');
+                        }
                         throw new Error('passwordForm.error.twoFactorAuthenticationEnabled');
                     case 403:
                         throw new Error('passwordForm.error.invalidLoginOrPassword');