diff --git a/internal/user/password_hashings_test.go b/internal/user/password_hashings_test.go
index fcf24d842..dedea4c9b 100644
--- a/internal/user/password_hashings_test.go
+++ b/internal/user/password_hashings_test.go
@@ -17,6 +17,14 @@ func TestPasswordHashingConstantMatchCryptoPackage(t *testing.T) {
 require.Equal(t, crypto.Pbkdf2Algorithm, pbkdf2HashAlgorithm)
 }
 
+func TestNonZeroDummyHash(t *testing.T) {
+ empty := make([]byte, len(dummyHashThatNeverMatchesAnyPassword))
+
+ require.NotNil(t, dummyHashThatNeverMatchesAnyPassword)
+ require.NotZero(t, dummyHashThatNeverMatchesAnyPassword)
+ require.NotEqual(t, empty, dummyHashThatNeverMatchesAnyPassword)
+}
+
 // The passwordHashSaltLength constant defines the salt length used in this
 // package for password hashing. This trivial test ensures that this hash length
 // meets the minimum requirement for the instantiations of the registered
diff --git a/internal/user/user_profile_pw_hash.go b/internal/user/user_profile_pw_hash.go
index d1c58e222..78e8abe28 100644
--- a/internal/user/user_profile_pw_hash.go
+++ b/internal/user/user_profile_pw_hash.go
@@ -11,7 +11,17 @@
 )
 
 //nolint:gochecknoglobals
-var dummyHashThatNeverMatchesAnyPassword = make([]byte, passwordHashSaltLength+passwordHashLength)
+var dummyHashThatNeverMatchesAnyPassword = initDummyHash()
+
+func initDummyHash() []byte {
+ s := make([]byte, passwordHashSaltLength+passwordHashLength)
+
+ for i := range s {
+ s[i] = 0xFF
+ }
+
+ return s
+}
 
 func (p *Profile) setPassword(password string) error {
 passwordHashAlgorithm, err := getPasswordHashAlgorithm(p.PasswordHashVersion)
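Review bot: `require.NotZero` in TestNonZeroDummyHash does not inspect the bytes. For a slice, testify compares against the type's zero value, which is nil, so the assertion passes for a non-nil all-zero buffer and only repeats `require.NotNil`. The one assertion that pins the content is the `require.NotEqual` against `empty`. The test also never fixes the length, which the dummy presumably needs in order to be handled like a real salt+hash value; consider adding `require.Len(t, dummyHashThatNeverMatchesAnyPassword, passwordHashSaltLength+passwordHashLength)`.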
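Review bot: `initDummyHash` has no comment explaining why the dummy value must be non-zero, and the reason is not visible in this hunk. If the intent is that an all-zero (for example never-populated) stored hash must not compare equal to the dummy, say so where the value is built, e.g. `// initDummyHash returns a salt+hash-sized buffer filled with 0xFF so that the dummy never equals an all-zero hash value.` As a smaller style point, the fill loop could be `bytes.Repeat([]byte{0xFF}, passwordHashSaltLength+passwordHashLength)`, provided `bytes` is already imported; the import block is outside the hunk. The variable is still a mutable package-level slice, so it is worth confirming that no caller writes into it.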