diff --git a/api/user.go b/api/user.go
index daaa3a5778..84906eece3 100644
--- a/api/user.go
+++ b/api/user.go
@@ -449,8 +449,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 
 		if result := <-Srv.Store.User().Get(id); result.Err != nil {
 			c.LogAuditWithUserId(user.Id, "failure")
-			c.Err = result.Err
-			c.Err.StatusCode = http.StatusBadRequest
+			//c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, result.Err.Error())
+			c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "")
 			return
 		} else {
 			user = result.Data.(*model.User)
@@ -460,7 +460,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 
 		if user, err = getUserForLogin(loginId, ldapOnly); err != nil {
 			c.LogAudit("failure")
-			c.Err = err
+			//c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, err.Error())
+			c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "")
 			return
 		}
 
@@ -470,7 +471,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 	// and then authenticate them
 	if user, err = authenticateUser(user, password, mfaToken); err != nil {
 		c.LogAuditWithUserId(user.Id, "failure")
-		c.Err = err
+		//c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, err.Error())
+		c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "")
 		return
 	}
 
diff --git a/i18n/en.json b/i18n/en.json
index 8e40af1cc7..792c835bb1 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -1771,6 +1771,10 @@
     "id": "api.user.login.blank_pwd.app_error",
     "translation": "Password field must not be blank"
   },
+  {
+    "id": "api.user.login.invalid_credentials",
+    "translation": "User ID or password incorrect."
+  },
   {
     "id": "api.user.login.inactive.app_error",
     "translation": "Login failed because your account has been set to inactive.  Please contact an administrator."