diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index db81fea1..0857cd77 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -60,17 +60,18 @@ module Devise
 # the hashed password.
 def password=(new_password)
 @password = new_password
- self.encrypted_password = password_digest(@password) if @password.present?
+ self.encrypted_password = password_digest(@password)
 end
 
 # Verifies whether a password (ie from sign in) is the user password.
 def valid_password?(password)
+ return false if password.blank?
 Devise::Encryptor.compare(self.class, encrypted_password, password)
 end
 
 # Set password and password confirmation to nil
 def clean_up_passwords
- self.password = self.password_confirmation = nil
+ @password = @password_confirmation = nil
 end
 
 # Update record attributes when :current_password matches, otherwise
@@ -180,6 +181,7 @@ module Devise
 # See https://github.com/plataformatec/devise-encryptable for examples
 # of other hashing engines.
 def password_digest(password)
+ return if password.blank?
 Devise::Encryptor.digest(self.class, password)
 end
 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index 6eb6a052..2b0b9231 100644
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -117,9 +117,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 assert_nil user.authenticatable_salt
 end
 
- test 'should not generate a hashed password if password is blank' do
- assert_blank new_user(password: nil).encrypted_password
- assert_blank new_user(password: '').encrypted_password
+ test 'should set encrypted password to nil if password is nil' do
+ assert_nil new_user(password: nil).encrypted_password
+ assert_nil new_user(password: '').encrypted_password
 end
 
 test 'should hash password again if password has changed' do
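Review bot: `valid_password?` now rejects a blank candidate, but after this change the stored digest itself can be nil — `password=` assigns `password_digest(@password)` unconditionally and `password_digest` returns nil for a blank input — so `Devise::Encryptor.compare(self.class, encrypted_password, password)` can be handed a nil hash. Unless `compare` already guards a blank digest (it is outside this diff), `BCrypt::Password.new(nil)` would raise rather than return false; a local guard such as `return false if password.blank? || encrypted_password.blank?` keeps the method's contract of returning a boolean. `clean_up_passwords` now bypasses the setter for a reason that is not visible at the call site; a comment like `# Assign the ivars directly: the password= setter would also clear encrypted_password.` would stop a future "simplification" back to `self.password = nil`. The comment above `password=` (its first lines are outside the hunk) should also state that assigning a blank password clears the stored digest, since that is the behavioral change the commit introduces.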
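Review bot: `password_digest` treats every `blank?` value as "no password", so a whitespace-only string such as `"   "` now produces a nil digest and the record would carry no credential unless a presence or length validation elsewhere rejects it; if that is intended, the method's comment (which begins outside the hunk) should say so, e.g. `# Returns nil for a blank password so a cleared password leaves no usable digest.` The return type is now `String | nil`, so any caller that relied on always getting a String back should be checked.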
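Review bot: The renamed test says "if password is nil" but its second assertion passes an empty string, so the name understates what it covers; `test 'should set encrypted password to nil if password is blank' do` matches both assertions. A third case with a whitespace-only password would pin the `blank?` semantics the implementation now relies on.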
@@ -307,4 +307,11 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 ]
 end
 end
+
+ test 'nil password should be invalid if password is set to nil' do
+ user = User.create(email: "HEllO@example.com", password: "12345678")
+ user.password = nil
+ refute user.valid_password?('12345678')
+ refute user.valid_password?(nil)
+ end
 end
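Review bot: The new test proves that `valid_password?` fails after `user.password = nil` but not why: `refute user.valid_password?(nil)` is satisfied by the blank-candidate guard alone, and the first refute would also pass if `compare` merely failed on a bad digest. Adding `assert_nil user.encrypted_password` right after `user.password = nil` pins that the setter actually cleared the digest. The record is created and never saved again, so the persisted digest is untouched by this test; a short comment saying the check is intentionally in-memory would make that explicit.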