diff --git a/irrd/rpsl/rpsl_objects.py b/irrd/rpsl/rpsl_objects.py
index 56020bbda..3229bf306 100644
--- a/irrd/rpsl/rpsl_objects.py
+++ b/irrd/rpsl/rpsl_objects.py
@@ -468,7 +468,7 @@ def clean(self):
             )
 
     def verify_auth(self, passwords: List[str], keycert_obj_pk: Optional[str] = None) -> Optional[str]:
-        return verify_auth_lines(self.parsed_data["auth"], passwords, keycert_obj_pk)
+        return verify_auth_lines(self.parsed_data.get("auth", []), passwords, keycert_obj_pk)
 
     def has_dummy_auth_value(self) -> bool:
         """
diff --git a/irrd/updates/tests/test_validators.py b/irrd/updates/tests/test_validators.py
index 017d3a48f..0962e0727 100644
--- a/irrd/updates/tests/test_validators.py
+++ b/irrd/updates/tests/test_validators.py
@@ -180,6 +180,28 @@ def test_valid_new_person(self, prepare_mocks):
             ["rpsl_pks", ({"TEST-MNT"},), {}],
         ]
 
+    def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
+        # "authless" meaning: no auth lines that are currently enabled - #891
+        config_override(
+            {
+                "auth": {"password_hashers": {"crypt-pw": "disabled"}},
+            }
+        )
+
+        validator, mock_dq, mock_dh = prepare_mocks
+        person = rpsl_object_from_text(SAMPLE_PERSON)
+        cryptonly_maintainer = "\n".join(
+            line for line in SAMPLE_MNTNER.splitlines() if not line.startswith("auth:") or "CRYPT" in line
+        )
+        print(cryptonly_maintainer)
+        mock_dh.execute_query = lambda q: [
+            {"object_class": "mntner", "object_text": cryptonly_maintainer},
+        ]
+
+        validator.passwords = [SAMPLE_MNTNER_MD5]
+        result = validator.process_auth(person, None)
+        assert not result.is_valid()
+
     def test_valid_new_person_api_key(self, prepare_mocks, monkeypatch):
         validator, mock_dq, mock_dh = prepare_mocks
         person = rpsl_object_from_text(SAMPLE_PERSON)