diff --git a/src/authy_api.c b/src/authy_api.c
index 31d3e1f..a3a38c0 100644
--- a/src/authy_api.c
+++ b/src/authy_api.c
@@ -177,7 +177,9 @@ tokenResponseIsValid(char *pszResponse)
      shouldn't be the last one because it won't be a key */
   for (cnt = 0; cnt < 19; cnt++)
   {
-    if(strncmp(pszResponse + (tokens[cnt]).start, "token", (tokens[cnt]).end - (tokens[cnt]).start) == 0)
+    /* avoid matching empty strings since "" == "" */
+    int len = (tokens[cnt]).end - (tokens[cnt]).start;
+    if(len > 0 && strncmp(pszResponse + (tokens[cnt]).start, "token", len) == 0)
     {
       if(strncmp(pszResponse + (tokens[cnt+1]).start, "is valid", (tokens[cnt+1]).end - (tokens[cnt+1]).start) == 0){
         return TRUE;