diff --git a/pkg/connector/login.go b/pkg/connector/login.go
index e157e5a2..0fe4663c 100644
--- a/pkg/connector/login.go
+++ b/pkg/connector/login.go
@@ -159,8 +159,22 @@ func (bl *baseLogin) makeClient(ctx context.Context, dispatcher *tg.UpdateDispat
 }
 
 var passwordLoginStep = &bridgev2.LoginStep{
-	Type:   bridgev2.LoginStepTypeUserInput,
-	StepID: LoginStepIDPassword,
+	Type:         bridgev2.LoginStepTypeUserInput,
+	StepID:       LoginStepIDPassword,
+	Instructions: "You have two-factor authentication enabled.",
+	UserInputParams: &bridgev2.LoginUserInputParams{
+		Fields: []bridgev2.LoginInputDataField{{
+			Type: bridgev2.LoginInputFieldTypePassword,
+			ID:   LoginStepIDPassword,
+			Name: "Password",
+		}},
+	},
+}
+
+var passwordIncorrectLoginStep = &bridgev2.LoginStep{
+	Type:         bridgev2.LoginStepTypeUserInput,
+	StepID:       LoginStepIDPasswordIncorrect,
+	Instructions: "Incorrect password, please try again. Use the official Telegram app to reset your password if you've forgotten it.",
 	UserInputParams: &bridgev2.LoginUserInputParams{
 		Fields: []bridgev2.LoginInputDataField{{
 			Type: bridgev2.LoginInputFieldTypePassword,
@@ -179,9 +193,7 @@ func (bl *baseLogin) submitPassword(ctx context.Context, password, loginPhone st
 	authorization, err := bl.client.Auth().Password(ctx, password)
 	if err != nil {
 		if errors.Is(err, auth.ErrPasswordInvalid) {
-			// TODO re-prompt password instead of cancelling
-			bl.Cancel()
-			return nil, ErrInvalidPassword
+			return passwordIncorrectLoginStep, nil
 		}
 		bl.Cancel()
 		return nil, fmt.Errorf("failed to submit password: %w", err)
diff --git a/pkg/connector/loginphone.go b/pkg/connector/loginphone.go
index 054ac045..7bb14e6c 100644
--- a/pkg/connector/loginphone.go
+++ b/pkg/connector/loginphone.go
@@ -30,9 +30,11 @@ import (
 )
 
 const (
-	LoginStepIDPhoneNumber = "fi.mau.telegram.login.phone_number"
-	LoginStepIDCode        = "fi.mau.telegram.login.code"
-	LoginStepIDPassword    = "fi.mau.telegram.login.password"
+	LoginStepIDPhoneNumber       = "fi.mau.telegram.login.phone_number"
+	LoginStepIDCode              = "fi.mau.telegram.login.code"
+	LoginStepIDCodeIncorrect     = "fi.mau.telegram.login.code.incorrect"
+	LoginStepIDPassword          = "fi.mau.telegram.login.password"
+	LoginStepIDPasswordIncorrect = "fi.mau.telegram.login.password.incorrect"
 )
 
 type PhoneLogin struct {
@@ -86,6 +88,32 @@ func (pl *PhoneLogin) SubmitUserInput(ctx context.Context, input map[string]stri
 	}
 }
 
+var phoneLoginStep = &bridgev2.LoginStep{
+	Type:   bridgev2.LoginStepTypeUserInput,
+	StepID: LoginStepIDCode,
+	UserInputParams: &bridgev2.LoginUserInputParams{
+		Fields: []bridgev2.LoginInputDataField{{
+			Type:        bridgev2.LoginInputFieldType2FACode,
+			ID:          LoginStepIDCode,
+			Name:        "Code",
+			Description: "The code was sent to the Telegram app on your phone",
+		}},
+	},
+}
+
+var phoneCodeIncorrectStep = &bridgev2.LoginStep{
+	Type:         bridgev2.LoginStepTypeUserInput,
+	StepID:       LoginStepIDCodeIncorrect,
+	Instructions: "Incorrect code",
+	UserInputParams: &bridgev2.LoginUserInputParams{
+		Fields: []bridgev2.LoginInputDataField{{
+			Type: bridgev2.LoginInputFieldType2FACode,
+			ID:   LoginStepIDCode,
+			Name: "Code",
+		}},
+	},
+}
+
 func (pl *PhoneLogin) submitNumber(ctx context.Context, phone string) (*bridgev2.LoginStep, error) {
 	if phone == "" {
 		return nil, fmt.Errorf("phone number is empty")
@@ -105,18 +133,7 @@ func (pl *PhoneLogin) submitNumber(ctx context.Context, phone string) (*bridgev2
 	switch s := sentCode.(type) {
 	case *tg.AuthSentCode:
 		pl.hash = s.PhoneCodeHash
-		return &bridgev2.LoginStep{
-			Type:   bridgev2.LoginStepTypeUserInput,
-			StepID: LoginStepIDCode,
-			UserInputParams: &bridgev2.LoginUserInputParams{
-				Fields: []bridgev2.LoginInputDataField{{
-					Type:        bridgev2.LoginInputFieldType2FACode,
-					ID:          LoginStepIDCode,
-					Name:        "Code",
-					Description: "The code was sent to the Telegram app on your phone",
-				}},
-			},
-		}, nil
+		return phoneLoginStep, nil
 	case *tg.AuthSentCodeSuccess:
 		switch authorization := s.Authorization.(type) {
 		case *tg.AuthAuthorization:
@@ -140,7 +157,7 @@ func (pl *PhoneLogin) submitCode(ctx context.Context, code string) (*bridgev2.Lo
 		pl.codeSubmitted = true
 		return passwordLoginStep, nil
 	} else if errors.Is(err, auth.ErrPhoneCodeInvalid) {
-		return nil, ErrPhoneCodeInvalid
+		return phoneCodeIncorrectStep, nil
 	} else if errors.Is(err, &auth.SignUpRequired{}) {
 		return nil, ErrSignUpNotSupported
 	} else if err != nil {
diff --git a/pkg/gotd/telegram/auth/user.go b/pkg/gotd/telegram/auth/user.go
index 2fa2441d..3ef54307 100644
--- a/pkg/gotd/telegram/auth/user.go
+++ b/pkg/gotd/telegram/auth/user.go
@@ -112,7 +112,7 @@ func (c *Client) SignIn(ctx context.Context, phone, code, codeHash string) (*tg.
 		return nil, ErrPasswordAuthNeeded
 	}
 	if tgerr.Is(err, "PHONE_CODE_INVALID") {
-		return nil, ErrPasswordAuthNeeded
+		return nil, ErrPhoneCodeInvalid
 	}
 	if err != nil {
 		return nil, errors.Wrap(err, "sign in")