diff --git a/.travis.yml b/.travis.yml
index c9171e9..4ec3464 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,4 +9,4 @@ env:
     - REQUIRE_FRAMEWORKTEST="^0.4.2"
     - SS_MFA_SECRET_KEY=TEST123
     # Used by behat-extension LoginContext which expects a screen to choose either totp or webauthn when not skipping mfa
-    - REQUIRE_EXTRA="silverstripe/webauthn-authenticator:^4"
+    - REQUIRE_EXTRA="silverstripe/webauthn-authenticator:4.x-dev"
diff --git a/src/RegisterHandler.php b/src/RegisterHandler.php
index 891f24f..09c9ba7 100644
--- a/src/RegisterHandler.php
+++ b/src/RegisterHandler.php
@@ -78,7 +78,7 @@ public function start(StoreInterface $store): array
     protected function generateSecret(): string
     {
         $length = $this->config()->get('secret_length');
-        return substr(trim(Base32::encodeUpper(random_bytes(64)), '='), 0, $length);
+        return substr(trim(Base32::encodeUpper(random_bytes(64)) ?? '', '='), 0, $length);
     }
 
     /**
@@ -92,7 +92,7 @@ protected function generateSecret(): string
      */
     public function register(HTTPRequest $request, StoreInterface $store): Result
     {
-        $data = json_decode($request->getBody(), true);
+        $data = json_decode($request->getBody() ?? '', true);
         $result = $this->getTotp($store)->verify($data['code'] ?? '');
         if (!$result) {
             return Result::create(false, _t(__CLASS__ . '.INVALID_CODE', 'Provided code was not valid'));
diff --git a/src/VerifyHandler.php b/src/VerifyHandler.php
index c79de31..d6d135b 100644
--- a/src/VerifyHandler.php
+++ b/src/VerifyHandler.php
@@ -75,7 +75,7 @@ public function start(StoreInterface $store, RegisteredMethod $method): array
 
     public function verify(HTTPRequest $request, StoreInterface $store, RegisteredMethod $registeredMethod): Result
     {
-        $data = json_decode($request->getBody(), true);
+        $data = json_decode($request->getBody() ?? '', true);
         if (!$this->getTotp($store)->verify($data['code'] ?? '')) {
             return Result::create(false, _t(__CLASS__ . '.INVALID_CODE', 'Invalid code'));
         }
diff --git a/tests/behat/src/FeatureContext.php b/tests/behat/src/FeatureContext.php
index 566a85c..0c87ac4 100644
--- a/tests/behat/src/FeatureContext.php
+++ b/tests/behat/src/FeatureContext.php
@@ -44,8 +44,8 @@ public function iPressTheBackupCodesButton($button)
      */
     private function pressMfaButton($section, $button)
     {
-        $section = str_replace("'", "\\'", $section);
-        $button = str_replace("'", "\\'", $button);
+        $section = str_replace("'", "\\'", $section ?? '');
+        $button = str_replace("'", "\\'", $button ?? '');
         $js = <<<JS
             document.querySelectorAll('.registered-method-list-item').forEach(el => {
                 if (!el.innerHTML.includes('{$section}')) {
diff --git a/tests/php/RegisterHandlerTest.php b/tests/php/RegisterHandlerTest.php
index 5167654..d10b963 100644
--- a/tests/php/RegisterHandlerTest.php
+++ b/tests/php/RegisterHandlerTest.php
@@ -49,12 +49,12 @@ public function testStart()
 
         $this->assertTrue($result['enabled'], 'Method should be enabled');
         $this->assertStringContainsString(
-            rawurlencode(SiteConfig::current_site_config()->Title),
+            rawurlencode(SiteConfig::current_site_config()->Title ?? ''),
             $result['uri'],
             'Site name should be stored in provisioning URI'
         );
         $this->assertStringContainsString(
-            rawurlencode($this->member->Email),
+            rawurlencode($this->member->Email ?? ''),
             $result['uri'],
             'Provisioning URI should contain user email'
         );