diff --git a/Yesod/Auth/HashDB.hs b/Yesod/Auth/HashDB.hs
--- a/Yesod/Auth/HashDB.hs
+++ b/Yesod/Auth/HashDB.hs
@@ -96,16 +96,17 @@
 -- the function which the scaffolding defines: 'getAuthIdHashDB' is just a
 -- convenience for the case when 'HashDB' is the only plugin.
 --
--- The application developer should provide an interface for setting passwords;
--- it needs to call 'setPassword' and save the result in the database.
--- You can also create password hashes manually as follows, if you need to
--- initialise the database by hand:
+-- For a real application, the developer should provide some sort of
+-- of administrative interface for setting passwords; it needs to call
+-- 'setPassword' and save the result in the database.  However, if you
+-- need to initialise the database by hand, you can generate the correct
+-- password hash as follows:
 --
 -- > ghci -XOverloadedStrings
 -- > > import Crypto.PasswordStore
--- > > makePassword "MyPassword" 14
+-- > > makePassword "MyPassword" 17
 --
--- where \"14\" is the default strength parameter ('defaultStrength') used
+-- where \"17\" is the default strength parameter ('defaultStrength') used
 -- in this module.
 --
 -- == Custom Login Form
@@ -159,6 +160,7 @@
 import Yesod.Form
 import Yesod.Auth
 import Yesod.Core
+import qualified Yesod.Auth.Message as Msg
 
 import Control.Applicative         ((<$>), (<*>))
 import Data.Typeable
@@ -173,7 +175,7 @@
 -- | Default strength used for passwords (see "Crypto.PasswordStore" for
 --   details).
 defaultStrength :: Int
-defaultStrength = 14
+defaultStrength = 17
 
 -- | The type representing user information stored in the database should
 --   be an instance of this class.  It just provides the getters and setters
@@ -377,10 +379,8 @@
     isValid <- lift $ fromMaybe (return False) 
                  (validateUser <$> (uniq =<< mu) <*> mp)
     if isValid 
-       then lift $ setCredsRedirect $ Creds "hashdb" (fromMaybe "" mu) []
-       else do
-           tm <- getRouteToParent
-           lift $ loginErrorMessage (tm LoginR) "Invalid username/password"
+        then lift $ setCredsRedirect $ Creds "hashdb" (fromMaybe "" mu) []
+        else loginErrorMessageI LoginR Msg.InvalidUsernamePass
 
 
 -- | A drop in for the getAuthId method of your YesodAuth instance which
@@ -403,8 +403,9 @@
                 -- user exists
                 Just (Entity uid _) -> return $ Just uid
                 Nothing       -> do
-                                     _ <- loginErrorMessage (authR LoginR) "User not found"
-                                     return Nothing
+                    mr <- getMessageRender
+                    _ <- loginErrorMessage (authR LoginR) (mr Msg.InvalidUsernamePass)
+                    return Nothing
 
 -- | Prompt for username and password, validate that against a database
 --   which holds the username and a hash of the password
diff --git a/yesod-auth-hashdb.cabal b/yesod-auth-hashdb.cabal
--- a/yesod-auth-hashdb.cabal
+++ b/yesod-auth-hashdb.cabal
@@ -1,5 +1,5 @@
 name:            yesod-auth-hashdb
-version:         1.4.1.1
+version:         1.4.1.2
 license:         MIT
 license-file:    LICENSE
 author:          Patrick Brisbin, later changes Paul Rouse
