diff --git a/ci/qa/phpstan-baseline.neon b/ci/qa/phpstan-baseline.neon
index dd7e15771..3190610d6 100644
--- a/ci/qa/phpstan-baseline.neon
+++ b/ci/qa/phpstan-baseline.neon
@@ -2665,19 +2665,14 @@ parameters:
 			count: 2
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/RecoveryTokenProjector.php
 
-		-
-			message: "#^Cannot access property \\$secondFactorIdentifier on Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor\\|null\\.$#"
-			count: 1
-			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
-
 		-
 			message: "#^Parameter \\#1 \\$secondFactor of method Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Repository\\\\UnverifiedSecondFactorRepository\\:\\:remove\\(\\) expects Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor, Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor\\|null given\\.$#"
-			count: 3
+			count: 2
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
 
 		-
 			message: "#^Parameter \\#1 \\$secondFactor of method Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Repository\\\\VerifiedSecondFactorRepository\\:\\:remove\\(\\) expects Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\VerifiedSecondFactor, Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\VerifiedSecondFactor\\|null given\\.$#"
-			count: 4
+			count: 3
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
 
 		-
diff --git a/src/Surfnet/Stepup/Identity/Event/U2fDevicePossessionProvenEvent.php b/src/Surfnet/Stepup/Identity/Event/U2fDevicePossessionProvenEvent.php
index 200254f7c..6d6327061 100644
--- a/src/Surfnet/Stepup/Identity/Event/U2fDevicePossessionProvenEvent.php
+++ b/src/Surfnet/Stepup/Identity/Event/U2fDevicePossessionProvenEvent.php
@@ -22,10 +22,12 @@
 use Surfnet\Stepup\Identity\Value\CommonName;
 use Surfnet\Stepup\Identity\Value\Email;
 use Surfnet\Stepup\Identity\Value\EmailVerificationWindow;
+use Surfnet\Stepup\Identity\Value\GssfId;
 use Surfnet\Stepup\Identity\Value\IdentityId;
 use Surfnet\Stepup\Identity\Value\Institution;
 use Surfnet\Stepup\Identity\Value\Locale;
 use Surfnet\Stepup\Identity\Value\SecondFactorId;
+use Surfnet\Stepup\Identity\Value\SecondFactorIdentifier;
 use Surfnet\Stepup\Identity\Value\U2fKeyHandle;
 use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupMiddleware\CommandHandlingBundle\SensitiveData\Forgettable;
@@ -55,7 +57,7 @@ class U2fDevicePossessionProvenEvent extends IdentityEvent implements Forgettabl
      * @param IdentityId $identityId
      * @param Institution $identityInstitution
      * @param SecondFactorId $secondFactorId
-     * @param U2fKeyHandle $keyHandle
+     * @param SecondFactorIdentifier $keyHandle
      * @param bool $emailVerificationRequired
      * @param EmailVerificationWindow $emailVerificationWindow
      * @param string $emailVerificationNonce
@@ -69,7 +71,7 @@ public function __construct(
         IdentityId              $identityId,
         Institution             $identityInstitution,
         public SecondFactorId          $secondFactorId,
-        public U2fKeyHandle            $keyHandle,
+        public SecondFactorIdentifier            $keyHandle,
         public bool             $emailVerificationRequired,
         public EmailVerificationWindow $emailVerificationWindow,
         public string           $emailVerificationNonce,
@@ -143,7 +145,6 @@ public function setSensitiveData(SensitiveData $sensitiveData): void
         $this->email = $sensitiveData->getEmail();
         $this->commonName = $sensitiveData->getCommonName();
         $keyHandle = $sensitiveData->getSecondFactorIdentifier();
-        assert($keyHandle instanceof U2fKeyHandle);
         $this->keyHandle = $keyHandle;
     }
 
diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Entity/RaCandidate.php b/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Entity/RaCandidate.php
index 3c4f9fb54..4a3d8c327 100644
--- a/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Entity/RaCandidate.php
+++ b/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Entity/RaCandidate.php
@@ -30,7 +30,14 @@
 /**
  * Be aware that this entity is used for the RA Candidate presentation only. This entity shouldn't be used to store any RA candidates.
  */
+#[ORM\Table]
 #[ORM\Entity(repositoryClass: RaCandidateRepository::class, readOnly: true)]
+#[ORM\Index(name: "idx_ra_candidate_institution", columns: ["institution"])]
+#[ORM\Index(name: "idx_ra_candidate_name_id", columns: ["name_id"])]
+#[ORM\Index(name: "idxft_ra_candidate_email", columns: ["email"], flags: ['FULLTEXT'])]
+#[ORM\Index(name: "idxft_ra_candidate_commonname", columns: ["common_name"], flags: ['FULLTEXT'])]
+#[ORM\Index(name: "idx_ra_institution", columns: ["ra_institution"])]
+#[ORM\UniqueConstraint(name: "idx_ra_candidate_unique_identity_institution", columns: ["identity_id", "ra_institution"])]
 class RaCandidate implements JsonSerializable
 {
     /**
diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php b/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
index 355573cb4..1ce9912f3 100644
--- a/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
+++ b/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
@@ -155,6 +155,9 @@ public function applyGssfPossessionProvenAndVerifiedEvent(GssfPossessionProvenAn
     public function applyEmailVerifiedEvent(EmailVerifiedEvent $event): void
     {
         $unverified = $this->unverifiedRepository->find($event->secondFactorId->getSecondFactorId());
+        if (is_null($unverified)) {
+            return;
+        }
 
         $verified = new VerifiedSecondFactor();
         $verified->id = $event->secondFactorId->getSecondFactorId();
@@ -247,7 +250,11 @@ protected function applyCompliedWithUnverifiedSecondFactorRevocationEvent(
 
     protected function applyVerifiedSecondFactorRevokedEvent(VerifiedSecondFactorRevokedEvent $event): void
     {
-        $this->verifiedRepository->remove($this->verifiedRepository->find($event->secondFactorId->getSecondFactorId()));
+        $verifiedSecondFactor = $this->verifiedRepository->find($event->secondFactorId->getSecondFactorId());
+        if (is_null($verifiedSecondFactor)) {
+            return;
+        }
+        $this->verifiedRepository->remove($verifiedSecondFactor);
     }
 
     protected function applyCompliedWithVerifiedSecondFactorRevocationEvent(
diff --git a/src/Surfnet/StepupMiddleware/MiddlewareBundle/EventSourcing/DBALEventHydrator.php b/src/Surfnet/StepupMiddleware/MiddlewareBundle/EventSourcing/DBALEventHydrator.php
index 62092f525..67702b702 100644
--- a/src/Surfnet/StepupMiddleware/MiddlewareBundle/EventSourcing/DBALEventHydrator.php
+++ b/src/Surfnet/StepupMiddleware/MiddlewareBundle/EventSourcing/DBALEventHydrator.php
@@ -110,10 +110,6 @@ public function fetchByEventTypes(array $eventTypes): DomainEventStream
 
     private function deserializeEvent(array $row): DomainMessage
     {
-        echo '1: |'.(string)$row['payload']."|\n";
-        echo '2: |';
-        var_dump(json_decode($row['payload'], true, JSON_THROW_ON_ERROR));
-        echo "|\n";
         $event = $this->payloadSerializer->deserialize(json_decode((string)$row['payload'], true));
 
         if ($event instanceof Forgettable) {