diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index dad177f46..b7f567d7e 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -295,7 +295,10 @@ class AccountController extends Controller
 if(password_verify($password, $user->password) === true) {
 $request->session()->put('sudoMode', time());
 return redirect($next);
+ } else {
+ return redirect()
+ ->back()
+ ->withErrors(['password' => __('auth.failed')]);
 }
- return redirect($next);
 }
 }
diff --git a/app/User.php b/app/User.php
index 3060cabd3..4e014f046 100644
--- a/app/User.php
+++ b/app/User.php
@@ -33,7 +33,9 @@ class User extends Authenticatable
 * @var array
 */
 protected $hidden = [
- 'password', 'remember_token',
+ 'email', 'password', 'is_admin', 'remember_token',
+ 'email_verified_at', '2fa_enabled', '2fa_secret',
+ '2fa_backup_codes', '2fa_setup_at',
 ];
 
 public function profile()
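Review bot: The new `else` branch in AccountController reports `auth.failed`, but nothing visible in this hunk counts, delays or logs the failed attempt, so the sudo-mode password prompt can be retried without limit from an already-authenticated session. The method starts above the hunk, so a limiter may already exist there or on the route; if not, put the route behind Laravel's `throttle` middleware (for example `->middleware('throttle:6,1')`) and log each failure with the user id. Where `$next` comes from is also outside the hunk; if it is read from the request, it should be restricted to a same-site path before `redirect($next)`.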
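Review bot: `$hidden` in User.php is a denylist, so any sensitive column added later is serialized by default until someone remembers to list it here; an allowlist via `protected $visible = [...]` or explicit API resources fails closed instead. `$hidden` also only shapes `toArray()`/`toJson()` output and does nothing for mass assignment, so `is_admin` and the `2fa_*` columns should be confirmed absent from `$fillable`, which is outside this hunk. Hiding `email` changes every existing serialization of the model, so callers that legitimately need it for the account owner will have to opt in with `makeVisible('email')`. If the denylist stays, a comment such as `// Sensitive columns: never serialized. Add new credential, 2FA or privilege fields here.` above the array would help.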