diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 73c0b86d..a70fba2d 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -274,7 +274,17 @@ public function get_user_totp_key( $user_id ) {
 $user_meta_value = self::encrypt( $user_meta_value, $user_id );
 update_user_meta( $user_id, self::SECRET_META_KEY, $user_meta_value );
 }
- return self::decrypt( $user_meta_value, $user_id );
+
+ try {
+ $decrypted = self::decrypt( $user_meta_value, $user_id );
+ } catch ( RuntimeException $exception ) {
+ $decrypted = '';
+ // todo this is probably wrong.
+ // er maybe not
+ // means that the salt changed, and they need to rotate
+ }
+
+ return $decrypted;
 }
 
 /**
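Review bot: The new catch block in get_user_totp_key() turns a decryption failure into an empty string, so callers can no longer tell "stored secret cannot be decrypted" from "no secret stored"; any caller outside this hunk that treats an empty key as "TOTP not set up" needs to be checked so that this path fails closed rather than skipping the second factor. The caught `$exception` is discarded, so a salt change that invalidates every stored secret leaves no trace for an operator. I would record the event without the secret, e.g. `error_log( sprintf( 'Two-Factor: TOTP secret for user %d could not be decrypted', $user_id ) );`, and replace the three undecided todo comments with one statement of intent such as `// Decryption failed (salt likely changed): return '' so code validation fails until the user re-enrolls.` The function begins above the hunk, so the read of the stored meta value is not visible here.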