diff --git a/src/core-utils/gnc-uri-utils.c b/src/core-utils/gnc-uri-utils.c
index a246c8c701..a926a4bb51 100644
--- a/src/core-utils/gnc-uri-utils.c
+++ b/src/core-utils/gnc-uri-utils.c
@@ -230,9 +230,9 @@ gchar *gnc_uri_create_uri (const gchar *protocol,
      */
     g_return_val_if_fail( hostname != 0, NULL );
 
-    if ( username != NULL )
+    if ( username != NULL && *username )
     {
-        if ( password != NULL )
+        if ( password != NULL && *password )
             userpass = g_strdup_printf ( "%s:%s@", username, password );
         else
             userpass = g_strdup_printf ( "%s@", username );
diff --git a/src/gnome-utils/gnc-keyring.c b/src/gnome-utils/gnc-keyring.c
index c5eef02cf2..2488820fb6 100644
--- a/src/gnome-utils/gnc-keyring.c
+++ b/src/gnome-utils/gnc-keyring.c
@@ -147,32 +147,33 @@ gboolean gnc_keyring_get_password ( GtkWidget *parent,
      * So we use the security domain parameter to allow us to
      * distinguish between these two.
      */
-    status = SecKeychainFindInternetPassword( NULL,
-             strlen(server), server,
-             strlen(access_method), access_method,
-             strlen(*user), *user,
-             strlen(service), service,
-             port,
-             kSecProtocolTypeAny,
-             kSecAuthenticationTypeDefault,
-             &password_length, &password_data,
-             NULL);
-
-    if ( status == noErr )
+    if (*user != NULL)
     {
-        *password = (gchar*)xmalloc(( password_length + 1 ) * sizeof(char));
-        strncpy(*password, password_data, (size_t)password_length);
-        (*password)[password_length] = '\0';
-        password_found = TRUE;
-        SecKeychainItemFreeContent(NULL, password_data);
-    }
-    else
-    {
-        CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL );
-        const gchar *resultstring = CFStringGetCStringPtr(osx_resultstring,
-                                                    GetApplicationTextEncoding());
-        PWARN ( "OS X keychain error: %s", resultstring );
-        CFRelease ( osx_resultstring );
+        status = SecKeychainFindInternetPassword( NULL,
+                 strlen(server), server,
+                 strlen(access_method), access_method,
+                 strlen(*user), *user,
+                 strlen(service), service,
+                 port,
+                 kSecProtocolTypeAny,
+                 kSecAuthenticationTypeDefault,
+                 &password_length, &password_data,
+                 NULL);
+    
+        if ( status == noErr )
+        {
+            *password = g_strndup(password_data, password_length);
+            password_found = TRUE;
+            SecKeychainItemFreeContent(NULL, password_data);
+        }
+        else
+        {
+            CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL );
+            const gchar *resultstring = CFStringGetCStringPtr(osx_resultstring,
+                                                        GetApplicationTextEncoding());
+            PWARN ( "OS X keychain error: %s", resultstring );
+            CFRelease ( osx_resultstring );
+        }
     }
 #endif /* HAVE_OSX_KEYCHAIN */