diff --git a/core/modules/user/src/Controller/UserAuthenticationController.php b/core/modules/user/src/Controller/UserAuthenticationController.php
index 7758b0d96d2f069a98c955ada8b7dc415326c902..af31a878ddcc957bbd2581bf257ab38703c0fbd4 100644
--- a/core/modules/user/src/Controller/UserAuthenticationController.php
+++ b/core/modules/user/src/Controller/UserAuthenticationController.php
@@ -201,7 +201,7 @@ public function login(Request $request) {
         $authenticated = $this->userAuth->authenticateAccount($account, $credentials['pass']) ? $account->id() : FALSE;
       }
       else {
-        $authenticated = $this->userAuth->authenticateAccount($credentials['name'], $credentials['pass']);
+        $authenticated = $this->userAuth->authenticate($credentials['name'], $credentials['pass']);
       }
       if ($authenticated) {
         $this->userFloodControl->clear('user.http_login', $this->getLoginFloodIdentifier($request, $credentials['name']));
diff --git a/core/modules/user/src/Form/UserLoginForm.php b/core/modules/user/src/Form/UserLoginForm.php
index 8fe696d15a53f7dd4a76f3702b0c5c538a123055..33e6653eb1543765f6f76e682b7a154f2a900e99 100644
--- a/core/modules/user/src/Form/UserLoginForm.php
+++ b/core/modules/user/src/Form/UserLoginForm.php
@@ -246,6 +246,13 @@ public function validateAuthentication(array &$form, FormStateInterface $form_st
         if ($this->userAuth instanceof UserAuthenticationInterface) {
           $form_state->set('uid', $this->userAuth->authenticateAccount($account, $password) ? $account->id() : FALSE);
         }
+        // The userAuth object is decorated by an object that that has not
+        // been upgraded to the new UserAuthenticationInterface. Fallback
+        // to the authenticate() method.
+        else {
+          $uid = $this->userAuth->authenticate($form_state->getValue('name'), $password);
+          $form_state->set('uid', $uid);
+        }
       }
       elseif (!$this->userAuth instanceof UserAuthenticationInterface) {
         $uid = $this->userAuth->authenticate($form_state->getValue('name'), $password);
diff --git a/core/modules/user/tests/modules/user_auth_decorator_test/src/UserAuthDecorator.php b/core/modules/user/tests/modules/user_auth_decorator_test/src/UserAuthDecorator.php
new file mode 100644
index 0000000000000000000000000000000000000000..fc2fd1a5c8fb8c87f1ee576a705e1987aeba9fad
--- /dev/null
+++ b/core/modules/user/tests/modules/user_auth_decorator_test/src/UserAuthDecorator.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Drupal\user_auth_decorator_test;
+
+use Drupal\user\UserAuthInterface;
+
+/**
+ * Helper to validate UserAuthInterface BC layers are functional.
+ */
+class UserAuthDecorator implements UserAuthInterface {
+
+  /**
+   * Constructs a UserAuthDecorator object.
+   *
+   * @param \Drupal\user\UserAuthInterface $inner
+   *   The inner User.Auth service.
+   */
+  public function __construct(protected UserAuthInterface $inner) {
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function authenticate($username, #[\SensitiveParameter] $password) {
+    return $this->inner->authenticate($username, $password);
+  }
+
+}
diff --git a/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.info.yml b/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.info.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a05dfd67c2eedbb5b3bce70ad019b63d418d0db2
--- /dev/null
+++ b/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.info.yml
@@ -0,0 +1,5 @@
+name: 'User Auth Service decorated only with UserAuthInterface'
+type: module
+description: 'Support module for user authentication testing.'
+package: Testing
+version: VERSION
diff --git a/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.services.yml b/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.services.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c274386664cb063e2925cd38f6690ac04823cf4b
--- /dev/null
+++ b/core/modules/user/tests/modules/user_auth_decorator_test/user_auth_decorator_test.services.yml
@@ -0,0 +1,6 @@
+services:
+  user_auth_decorator.user.auth:
+    class: \Drupal\user_auth_decorator_test\UserAuthDecorator
+    decorates: user.auth
+    arguments:
+      - '@user_auth_decorator.user.auth.inner'
diff --git a/core/modules/user/tests/src/Functional/Rest/UserJsonBasicAuthDecoratedTest.php b/core/modules/user/tests/src/Functional/Rest/UserJsonBasicAuthDecoratedTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..463852243deca1fb851d4cecad3e5085ed4eaddb
--- /dev/null
+++ b/core/modules/user/tests/src/Functional/Rest/UserJsonBasicAuthDecoratedTest.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\user\Functional\Rest;
+
+use Drupal\user_auth_decorator_test\UserAuthDecorator;
+
+/**
+ * Run UserJsonBasicAuthTest with a user.auth decorator.
+ *
+ * @group rest
+ * @group #slow
+ */
+class UserJsonBasicAuthDecoratedTest extends UserJsonBasicAuthTest {
+  /**
+   * Modules to install.
+   *
+   * @var array
+   */
+  protected static $modules = ['user_auth_decorator_test'];
+
+  /**
+   * Test that the UserAuthDecorator is providing user.auth.
+   */
+  public function testServiceDecorated(): void {
+    $service = \Drupal::service('user.auth');
+    $this->assertInstanceOf(UserAuthDecorator::class, $service);
+  }
+
+}
diff --git a/core/modules/user/tests/src/Functional/UserLoginDecoratedTest.php b/core/modules/user/tests/src/Functional/UserLoginDecoratedTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..2f09b03927d56b642e51ebf5982425521df6eaa3
--- /dev/null
+++ b/core/modules/user/tests/src/Functional/UserLoginDecoratedTest.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\user\Functional;
+
+use Drupal\user_auth_decorator_test\UserAuthDecorator;
+
+/**
+ * Ensure that login works as expected with a decorator.
+ *
+ * The decorator does not implement UserAuthenticationInterface.
+ *
+ * @group user
+ */
+class UserLoginDecoratedTest extends UserLoginTest {
+
+  /**
+   * Modules to install.
+   *
+   * @var array
+   */
+  protected static $modules = ['user_auth_decorator_test'];
+
+  /**
+   * Test that the UserAuthDecorator is providing user.auth.
+   */
+  public function testServiceDecorated(): void {
+    $service = \Drupal::service('user.auth');
+    $this->assertInstanceOf(UserAuthDecorator::class, $service);
+  }
+
+}
diff --git a/core/modules/user/tests/src/Functional/UserLoginHttpDecoratedTest.php b/core/modules/user/tests/src/Functional/UserLoginHttpDecoratedTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..71ab498faf4f651df4c0afb362937e5b9d5cfa6c
--- /dev/null
+++ b/core/modules/user/tests/src/Functional/UserLoginHttpDecoratedTest.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\user\Functional;
+
+use Drupal\user_auth_decorator_test\UserAuthDecorator;
+
+/**
+ * Tests login and password reset via direct HTTP with a user.auth decorator.
+ *
+ * The decorator does not implement UserAuthenticationInterface.
+ *
+ * @group user
+ */
+class UserLoginHttpDecoratedTest extends UserLoginHttpTest {
+
+  /**
+   * Modules to install.
+   *
+   * @var array
+   */
+  protected static $modules = ['user_auth_decorator_test'];
+
+  /**
+   * Test that the UserAuthDecorator is providing user.auth.
+   */
+  public function testServiceDecorated(): void {
+    $service = \Drupal::service('user.auth');
+    $this->assertInstanceOf(UserAuthDecorator::class, $service);
+  }
+
+}