diff --git a/jwt.cabal b/jwt.cabal
--- a/jwt.cabal
+++ b/jwt.cabal
@@ -2,7 +2,7 @@
 -- documentation, see http://haskell.org/cabal/users-guide/
 
 name:                jwt
-version:             0.1.0
+version:             0.1.1
 synopsis:            JSON Web Token (JWT) decoding and encoding
 license:             MIT
 license-file:        LICENSE
diff --git a/src/Web/JWT.hs b/src/Web/JWT.hs
--- a/src/Web/JWT.hs
+++ b/src/Web/JWT.hs
@@ -244,10 +244,14 @@
 -- > >>> mSignature
 -- > Nothing
 decode :: JSON -> Maybe (JWT UnverifiedJWT)
-decode input = let (h:c:_) = T.splitOn "." input
-                   header' = parseJWT h
-                   claims' = parseJWT c
-               in Unverified <$> header' <*> claims'
+decode input = do
+    (h,c) <- extractElems $ T.splitOn "." input
+    let header' = parseJWT h
+        claims' = parseJWT c
+    Unverified <$> header' <*> claims'
+    where
+        extractElems (h:c:_) = Just (h,c)
+        extractElems _       = Nothing
 
 
 -- | Decode a claims set and verify that the signature matches by using the supplied secret.
@@ -276,7 +280,7 @@
 -- > Just (Signature "Joh1R2dYzkRvDkqv3sygm5YyK8Gi4ShZqbhK2gxcs2U")
 decodeAndVerifySignature :: Secret -> T.Text -> Maybe (JWT VerifiedJWT)
 decodeAndVerifySignature secret' input = do
-        let (h:c:s:_) = T.splitOn "." input
+        (h,c,s) <- extractElems $ T.splitOn "." input
         header' <- parseJWT h
         claims' <- parseJWT c
         algo  <- fmap alg header'
@@ -285,6 +289,8 @@
     where
       calculateMessageDigest header' claims' (Just algo') = Just $ calculateDigest algo' secret' (dotted [header', claims'])
       calculateMessageDigest _ _ Nothing = Nothing
+      extractElems (h:c:s:_) = Just (h,c,s)
+      extractElems _         = Nothing
 
 -- | Try to extract the value for the issue claim field 'iss' from the web token in JSON form
 tokenIssuer :: JSON -> Maybe T.Text
diff --git a/tests/src/Web/JWTTests.hs b/tests/src/Web/JWTTests.hs
--- a/tests/src/Web/JWTTests.hs
+++ b/tests/src/Web/JWTTests.hs
@@ -52,6 +52,16 @@
         mJwt = decodeAndVerifySignature (secret "secret") input
     False @=? isJust mJwt
 
+case_decodeInvalidInput = do
+    let inputs = ["", "a.", "a.b"]
+        result = map decode inputs
+    True @=? (all isNothing result)
+
+case_decodeAndVerifySignatureInvalidInput = do
+    let inputs = ["", "a.", "a.b"]
+        result = map (decodeAndVerifySignature (secret "secret")) inputs
+    True @=? (all isNothing result)
+
 case_encodeJWTNoMac = do
     let cs = def {
         iss = Just "Foo"
