diff --git a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
index 58c64dbbede2..a1fe991cae33 100644
--- a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
+++ b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
@@ -77,6 +77,9 @@ protected function mergePasswordAndSalt($password, $salt)
      */
     protected function comparePasswords($password1, $password2)
     {
+        settype($password1, 'string');
+        settype($password2, 'string');
+
         if (strlen($password1) !== strlen($password2)) {
             return false;
         }