diff --git a/libs/common/src/platform/services/fido2/domain-utils.spec.ts b/libs/common/src/platform/services/fido2/domain-utils.spec.ts index 4b99c06cdec..995f9118afd 100644 --- a/libs/common/src/platform/services/fido2/domain-utils.spec.ts +++ b/libs/common/src/platform/services/fido2/domain-utils.spec.ts @@ -2,6 +2,18 @@ import { isValidRpId } from "./domain-utils"; // Spec: If options.rp.id is not a registrable domain suffix of and is not equal to effectiveDomain, return a DOMException whose name is "SecurityError", and terminate this algorithm. describe("validateRpId", () => { + it("should not be valid when rpId is null", () => { + const origin = "example.com"; + + expect(isValidRpId(null, origin)).toBe(false); + }); + + it("should not be valid when origin is null", () => { + const rpId = "example.com"; + + expect(isValidRpId(rpId, null)).toBe(false); + }); + it("should not be valid when rpId is more specific than origin", () => { const rpId = "sub.login.bitwarden.com"; const origin = "https://login.bitwarden.com:1337"; diff --git a/libs/common/src/platform/services/fido2/domain-utils.ts b/libs/common/src/platform/services/fido2/domain-utils.ts index 67874355908..a3030f78a31 100644 --- a/libs/common/src/platform/services/fido2/domain-utils.ts +++ b/libs/common/src/platform/services/fido2/domain-utils.ts @@ -3,6 +3,9 @@ import { parse } from "tldts"; export function isValidRpId(rpId: string, origin: string) { + if (!rpId || !origin) { + return false; + } const parsedOrigin = parse(origin, { allowPrivateDomains: true }); const parsedRpId = parse(rpId, { allowPrivateDomains: true });
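Review bot: The two new cases in domain-utils.spec.ts pin only `null`, yet the guard they exercise in domain-utils.ts is a truthiness check (`if (!rpId || !origin)`), so `undefined` (which is ordinarily what an absent `rp.id` arrives as) and the empty string are rejected by the same path and should be asserted too: `expect(isValidRpId(undefined, origin)).toBe(false);` and `expect(isValidRpId("", origin)).toBe(false);`. The new fixtures also pass a bare host `"example.com"` as the origin while the sibling test uses a full origin such as `"https://login.bitwarden.com:1337"`; keeping the same shape means the cases still exercise the real input format if the guard is ever narrowed. Since WebAuthn treats an absent `rp.id` as defaulting to the effective domain, returning false here is only correct if that defaulting happens before `isValidRpId` is called, which is presumably the caller's job; a one-line comment on the test such as `// a missing rp.id is expected to be defaulted to the effective domain by the caller before validation` would record that assumption. The `describe` block these tests sit in continues past the hunk.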