diff --git a/core/admin/mailu/limiter.py b/core/admin/mailu/limiter.py
index f8e90101..47658ba4 100644
--- a/core/admin/mailu/limiter.py
+++ b/core/admin/mailu/limiter.py
@@ -68,7 +68,7 @@ class LimitWraperFactory(object):
             app.logger.warn(f'Authentication attempt from {ip} for {username} has been rate-limited.')
         return is_rate_limited
 
-    def rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None, password=None):
+    def rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None, password=''):
         limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
         if self.is_subject_to_rate_limits(ip):
             truncated_password = hmac.new(bytearray(username, 'utf-8'), bytearray(password, 'utf-8'), 'sha256').hexdigest()[-6:]