diff --git a/client/src/components/Login/Login.jsx b/client/src/components/Login/Login.jsx
index 6f547ee2..c7ae43b1 100755
--- a/client/src/components/Login/Login.jsx
+++ b/client/src/components/Login/Login.jsx
@@ -18,6 +18,11 @@ const createMessage = (error) => {
 }
 switch (error.message) {
+ case 'Invalid credentials':
+ return {
+ type: 'error',
+ content: 'common.invalidCredentials',
+ };
 case 'Invalid email or username':
 return {
 type: 'error',
@@ -116,6 +121,7 @@ const Login = React.memo(
 useEffect(() => {
 if (wasSubmitting && !isSubmitting && error) {
 switch (error.message) {
+ case 'Invalid credentials':
 case 'Invalid email or username':
 emailOrUsernameField.current.select();
diff --git a/client/src/locales/en-US/login.js b/client/src/locales/en-US/login.js
index 5e7f10c3..813522fe 100644
--- a/client/src/locales/en-US/login.js
+++ b/client/src/locales/en-US/login.js
@@ -3,6 +3,7 @@ export default {
 common: {
 emailOrUsername: 'E-mail or username',
 invalidEmailOrUsername: 'Invalid e-mail or username',
+ invalidCredentials: 'Invalid credentials',
 invalidPassword: 'Invalid password',
 logInToPlanka: 'Log in to Planka',
 noInternetConnection: 'No internet connection',
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index daac98f6..88a6433f 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -24,6 +24,8 @@ services:
 # Configure knex to accept SSL certificates
 # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
+ # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
+
 # - ALLOW_ALL_TO_CREATE_PROJECTS=true
 # - OIDC_ISSUER=
diff --git a/docker-compose.yml b/docker-compose.yml
index d28cfd6b..28ba07b8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
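Review bot: The new comment on the `SHOW_DETAILED_AUTH_ERRORS` line understates what the flag actually exposes: with it on, the login endpoint tells the caller whether the e-mail/username or the password was wrong, which is direct account enumeration, and a rate limiter is advisable for the login endpoint regardless of the flag rather than being the thing that makes the flag safe. I would reword it to `# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to report whether the e-mail/username or the password was wrong. This lets anyone enumerate valid accounts, so keep it false on internet-facing deployments; rate-limit logins either way.` The identical sentence is repeated in docker-compose.yml and server/.env.sample in this same commit, so whichever wording is chosen should be applied to all three to keep them in sync.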
@@ -31,6 +31,8 @@ services:
 # - DEFAULT_ADMIN_NAME=Demo Demo
 # - DEFAULT_ADMIN_USERNAME=demo
+ # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
+
 # - ALLOW_ALL_TO_CREATE_PROJECTS=true
 # - OIDC_ISSUER=
diff --git a/server/.env.sample b/server/.env.sample
index 19cbc5c9..32a91dd5 100644
--- a/server/.env.sample
+++ b/server/.env.sample
@@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
 # DEFAULT_ADMIN_NAME=Demo Demo
 # DEFAULT_ADMIN_USERNAME=demo
+# SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
+
 # ALLOW_ALL_TO_CREATE_PROJECTS=true
 # OIDC_ISSUER=
diff --git a/server/api/controllers/access-tokens/create.js b/server/api/controllers/access-tokens/create.js
index ed9eb8cb..8dc2faed 100755
--- a/server/api/controllers/access-tokens/create.js
+++ b/server/api/controllers/access-tokens/create.js
@@ -4,6 +4,9 @@ const validator = require('validator');
 const { getRemoteAddress } = require('../../../utils/remoteAddress');
 const Errors = {
+ INVALID_CREDENTIALS: {
+ invalidCredentials: 'Invalid credentials',
+ },
 INVALID_EMAIL_OR_USERNAME: {
 invalidEmailOrUsername: 'Invalid email or username',
 },
@@ -34,6 +37,9 @@ module.exports = {
 },
 exits: {
+ invalidCredentials: {
+ responseType: 'unauthorized',
+ },
 invalidEmailOrUsername: {
 responseType: 'unauthorized',
 },
@@ -57,7 +63,10 @@ module.exports = {
 sails.log.warn(
 `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
 );
- throw Errors.INVALID_EMAIL_OR_USERNAME;
+
+ throw sails.config.custom.showDetailedAuthErrors ? Errors.INVALID_EMAIL_OR_USERNAME : Errors.INVALID_CREDENTIALS;
 }
 if (user.isSso) {
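Review bot: Returning the generic `Errors.INVALID_CREDENTIALS` here does not close the enumeration channel, because this branch throws right after `sails.log.warn(...)` without doing any bcrypt work, whereas a wrong password for an existing account pays a full `bcrypt.compareSync` in the later hunk, so response latency still tells an attacker whether the identifier exists. The usual fix is to run a comparison against a fixed, precomputed hash before throwing so both paths cost roughly the same; the cost factor should match whatever the application uses when it hashes passwords, which is not visible in this diff. The condition that opens this branch sits above the hunk, and the `if (user.isSso)` path that follows it also throws outside the hunk; if that path returns its own distinct exit (I cannot see it here), it likewise confirms that an SSO account exists even with the flag off, and is worth the same consideration.
```javascript
// Precomputed once at load so a lookup miss costs about as much as a real password check.
// NOTE(review): use the same cost factor the app hashes passwords with.
const DUMMY_PASSWORD_HASH = bcrypt.hashSync('timing-equalisation-only', 10);

// … unchanged: inputs, exits, fn body up to the user-not-found branch …
      sails.log.warn(
        `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
      );
      // Keep a miss as slow as a wrong password so latency does not reveal which it was.
      bcrypt.compareSync(inputs.password, DUMMY_PASSWORD_HASH);

      throw sails.config.custom.showDetailedAuthErrors
        ? Errors.INVALID_EMAIL_OR_USERNAME
        : Errors.INVALID_CREDENTIALS;
```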
@@ -66,7 +75,10 @@ module.exports = {
 if (!bcrypt.compareSync(inputs.password, user.password)) {
 sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
- throw Errors.INVALID_PASSWORD;
+
+ throw sails.config.custom.showDetailedAuthErrors ? Errors.INVALID_PASSWORD : Errors.INVALID_CREDENTIALS;
 }
 const accessToken = sails.helpers.utils.createToken(user.id);
diff --git a/server/config/custom.js b/server/config/custom.js
index 6d641573..d8d2fcdb 100644
--- a/server/config/custom.js
+++ b/server/config/custom.js
@@ -34,6 +34,8 @@ module.exports.custom = {
 defaultAdminEmail: process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(),
+ showDetailedAuthErrors: process.env.SHOW_DETAILED_AUTH_ERRORS === 'true',
+
 allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
 oidcIssuer: process.env.OIDC_ISSUER,
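Review bot: The `showDetailedAuthErrors ? X : Errors.INVALID_CREDENTIALS` ternary in this throw is the second copy of the same shape (the username branch in the previous hunk has the first), and a third caller would be easy to get wrong, so I would hoist it into one helper next to `Errors`: `const authError = (detailed) => (sails.config.custom.showDetailedAuthErrors ? detailed : Errors.INVALID_CREDENTIALS);` and then write `throw authError(Errors.INVALID_PASSWORD);` here and the matching call in the username branch. That keeps the single decision about leaking detail in one place. The enclosing `fn` starts and ends outside this hunk.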
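Review bot: The new `showDetailedAuthErrors` entry carries no comment, and since it is a security toggle the fail-safe parsing deserves one so nobody "fixes" it to a truthy check later. The `=== 'true'` comparison means only the exact lowercase string enables detailed errors; unset, `1`, `TRUE` or `yes` all keep the generic-message default, which is the safe direction, and it matches the `allowAllToCreateProjects` line below. I would add above it `// Security toggle: only the literal string 'true' enables detailed login errors; anything else keeps the generic message, which hides whether an account exists.`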