diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index d003c0ba717d..d4dfc3476abe 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,8 @@ CHANGELOG
 5.0.0
 -----
 
+ * Implementations of `Guard\AuthenticatorInterface::checkCredentials()` must return
+   a boolean value now. Please explicitly return `false` to indicate invalid credentials.
  * The `LdapUserProvider` class has been removed, use `Symfony\Component\Ldap\Security\LdapUserProvider` instead.
  * The `FirewallMapInterface::getListeners()` method must return an array of 3 elements.
  * Removed the `ContextListener::setLogoutOnUserChange()` method.
diff --git a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
index 3212973d965c..6dec75530066 100644
--- a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
@@ -115,7 +115,7 @@ private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator
         $this->userChecker->checkPreAuth($user);
         if (true !== $checkCredentialsResult = $guardAuthenticator->checkCredentials($token->getCredentials(), $user)) {
             if (false !== $checkCredentialsResult) {
-                @trigger_error(sprintf('%s::checkCredentials() must return a boolean value. You returned %s. This behavior is deprecated in Symfony 4.4 and will trigger a TypeError in Symfony 5.', \get_class($guardAuthenticator), \is_object($checkCredentialsResult) ? \get_class($checkCredentialsResult) : \gettype($checkCredentialsResult)), E_USER_DEPRECATED);
+                throw new \TypeError(sprintf('%s::checkCredentials() must return a boolean value.', \get_class($guardAuthenticator)));
             }
 
             throw new BadCredentialsException(sprintf('Authentication failed because %s::checkCredentials() did not return true.', \get_class($guardAuthenticator)));
diff --git a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
index f1a56fe1fcf5..821f422233f3 100644
--- a/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Guard/Tests/Provider/GuardAuthenticationProviderTest.php
@@ -119,41 +119,6 @@ public function testCheckCredentialsReturningFalseFailsAuthentication()
         $provider->authenticate($this->preAuthenticationToken);
     }
 
-    /**
-     * @group legacy
-     * @expectedDeprecation %s::checkCredentials() must return a boolean value. You returned NULL. This behavior is deprecated in Symfony 4.4 and will trigger a TypeError in Symfony 5.
-     */
-    public function testCheckCredentialsReturningNonTrueFailsAuthentication()
-    {
-        $this->expectException('Symfony\Component\Security\Core\Exception\BadCredentialsException');
-        $providerKey = 'my_uncool_firewall';
-
-        $authenticator = $this->getMockBuilder(AuthenticatorInterface::class)->getMock();
-
-        // make sure the authenticator is used
-        $this->preAuthenticationToken->expects($this->any())
-            ->method('getGuardProviderKey')
-            // the 0 index, to match the only authenticator
-            ->willReturn('my_uncool_firewall_0');
-
-        $this->preAuthenticationToken->expects($this->atLeastOnce())
-            ->method('getCredentials')
-            ->willReturn('non-null-value');
-
-        $mockedUser = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserInterface')->getMock();
-        $authenticator->expects($this->once())
-            ->method('getUser')
-            ->willReturn($mockedUser);
-        // checkCredentials is called
-        $authenticator->expects($this->once())
-            ->method('checkCredentials')
-            // authentication fails :(
-            ->willReturn(null);
-
-        $provider = new GuardAuthenticationProvider([$authenticator], $this->userProvider, $providerKey, $this->userChecker);
-        $provider->authenticate($this->preAuthenticationToken);
-    }
-
     public function testGuardWithNoLongerAuthenticatedTriggersLogout()
     {
         $this->expectException('Symfony\Component\Security\Core\Exception\AuthenticationExpiredException');

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/33352.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/33352.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/33352.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/33352.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>