diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index bcd89301..795e9099 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -1208,7 +1208,7 @@ public static function create_login_nonce( $user_id ) {
 		try {
 			$login_nonce['key'] = bin2hex( random_bytes( 32 ) );
 		} catch ( Exception $ex ) {
-			$login_nonce['key'] = wp_hash( $user_id . wp_rand() . microtime(), 'nonce' );
+			return false;
 		}
 
 		// Store the nonce hashed to avoid leaking it via database access.