diff --git a/src/main/java/com/commafeed/backend/dao/FeedEntryStatusDAO.java b/src/main/java/com/commafeed/backend/dao/FeedEntryStatusDAO.java
index 3f7fc7ec..a40c1273 100644
--- a/src/main/java/com/commafeed/backend/dao/FeedEntryStatusDAO.java
+++ b/src/main/java/com/commafeed/backend/dao/FeedEntryStatusDAO.java
@@ -112,7 +112,7 @@ public class FeedEntryStatusDAO extends GenericDAO {
 List statuses = query.list(status);
 for (FeedEntryStatus status : statuses) {
 status = handleStatus(user, status, status.getSubscription(), status.getEntry());
- status = fetchTags(user, status);
+ fetchTags(user, status);
 }
 return lazyLoadContent(includeContent, statuses);
 }
diff --git a/src/main/java/com/commafeed/backend/service/MailService.java b/src/main/java/com/commafeed/backend/service/MailService.java
index 96f14029..23919710 100644
--- a/src/main/java/com/commafeed/backend/service/MailService.java
+++ b/src/main/java/com/commafeed/backend/service/MailService.java
@@ -1,6 +1,5 @@
 package com.commafeed.backend.service;
-import java.io.Serializable;
 import java.util.Properties;
 import javax.mail.Authenticator;
@@ -21,9 +20,8 @@ import com.commafeed.backend.model.User;
 * Mailing service
 *
 */
-@SuppressWarnings("serial")
 @RequiredArgsConstructor
-public class MailService implements Serializable {
+public class MailService {
 private final CommaFeedConfiguration config;
diff --git a/src/main/java/com/commafeed/backend/service/PasswordEncryptionService.java b/src/main/java/com/commafeed/backend/service/PasswordEncryptionService.java
index 65087d38..6a8a38a3 100644
--- a/src/main/java/com/commafeed/backend/service/PasswordEncryptionService.java
+++ b/src/main/java/com/commafeed/backend/service/PasswordEncryptionService.java
@@ -12,12 +12,17 @@ import javax.crypto.spec.PBEKeySpec;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
+
 // taken from http://www.javacodegeeks.com/2012/05/secure-password-storage-donts-dos-and.html
 @SuppressWarnings("serial")
 @Slf4j
 public class PasswordEncryptionService implements Serializable {
 public boolean authenticate(String attemptedPassword, byte[] encryptedPassword, byte[] salt) {
+ if (StringUtils.isBlank(attemptedPassword)) {
+ return false;
+ }
 // Encrypt the clear-text password using the same salt that was used to
 // encrypt the original password
 byte[] encryptedAttemptedPassword = null;
@@ -28,6 +33,10 @@ public class PasswordEncryptionService implements Serializable {
 log.error(e.getMessage(), e);
 }
+ if (encryptedAttemptedPassword == null) {
+ return false;
+ }
+
 // Authentication succeeds if encrypted password that the user entered
 // is equal to the stored hash
 return MessageDigest.isEqual(encryptedPassword, encryptedAttemptedPassword);
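Review bot: The new guard at the top of `authenticate` (first hunk of PasswordEncryptionService.java) covers only `attemptedPassword`; `encryptedPassword` and `salt` still reach the key derivation and the final comparison unchecked. If an account can exist without a stored local password (not visible in this hunk), an explicit fail-closed check would make the result independent of how the derivation and `MessageDigest.isEqual` treat null: `if (encryptedPassword == null || salt == null) { return false; }`. `StringUtils.isBlank` also rejects whitespace-only passwords, not just null and empty ones, so it should match what registration accepts; `StringUtils.isEmpty` is the narrower test. The body of `authenticate` continues past this hunk.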
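Review bot: The null check added before the comparison in the second hunk needs a why-comment, because the reason it exists is not obvious from the code. Something like `// Key derivation failed (already logged above): fail closed instead of comparing a null hash` would do. As far as the visible lines show, a failed derivation leaves `encryptedAttemptedPassword` null, and JDK implementations of `MessageDigest.isEqual` that short-circuit on identical references would report two null arrays as equal. The try block that assigns the variable starts outside this hunk, so the exact exception types that lead here cannot be confirmed from the diff.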