diff --git a/xpra/server/auth/u2f_auth.py b/xpra/server/auth/u2f_auth.py
index a2f250c53d..4de004f2ad 100755
--- a/xpra/server/auth/u2f_auth.py
+++ b/xpra/server/auth/u2f_auth.py
@@ -117,9 +117,9 @@ def authenticate_check(self, challenge_response : str, client_salt : str=None) -
         from cryptography.hazmat.primitives.asymmetric import ec
         errors = {}
         for origin, public_key in self.public_keys.items():
-            verifier = public_key.verifier(sig, ec.ECDSA(hashes.SHA256()))
-            verifier.update(param)
             try:
+                verifier = public_key.verifier(sig, ec.ECDSA(hashes.SHA256()))
+                verifier.update(param)
                 verifier.verify()
                 log("ECDSA SHA256 verification passed for '%s'", origin)
                 return True