diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go
index 5d93a9d81..d358020b4 100644
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -294,6 +294,9 @@ type LoginRep struct {
 func (web *webAPIHandlers) Login(r *http.Request, args *LoginArgs, reply *LoginRep) error {
 token, err := authenticateWeb(args.Username, args.Password)
 if err != nil {
+ // Make sure to log errors related to browser login,
+ // for security and auditing reasons.
+ errorIf(err, "Unable to login request from %s", r.RemoteAddr)
 return toJSONError(err)
 }
@@ -768,13 +771,30 @@ func toWebAPIError(err error) APIError {
 HTTPStatusCode: http.StatusForbidden,
 Description: err.Error(),
 }
- }
- if err == errServerNotInitialized {
+ } else if err == errServerNotInitialized {
 return APIError{
 Code: "XMinioServerNotInitialized",
 HTTPStatusCode: http.StatusServiceUnavailable,
 Description: err.Error(),
 }
+ } else if err == errInvalidAccessKeyLength {
+ return APIError{
+ Code: "AccessDenied",
+ HTTPStatusCode: http.StatusForbidden,
+ Description: err.Error(),
+ }
+ } else if err == errInvalidSecretKeyLength {
+ return APIError{
+ Code: "AccessDenied",
+ HTTPStatusCode: http.StatusForbidden,
+ Description: err.Error(),
+ }
+ } else if err == errInvalidAccessKeyID {
+ return APIError{
+ Code: "AccessDenied",
+ HTTPStatusCode: http.StatusForbidden,
+ Description: err.Error(),
+ }
 }
 // Convert error type to api error code.
diff --git a/cmd/web-handlers_test.go b/cmd/web-handlers_test.go
index d187f3d64..057b28999 100644
--- a/cmd/web-handlers_test.go
+++ b/cmd/web-handlers_test.go
@@ -149,6 +149,7 @@ func testLoginWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
 {"", "foo", false},
 {"azerty", "", false},
 {"azerty", "foo", false},
+ {"azerty", "azerty123", false},
 {credentials.AccessKey, credentials.SecretKey, true},
 }
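Review bot: The audit line added in Login identifies the caller only by `r.RemoteAddr`, which is the proxy's address whenever the server runs behind a load balancer or reverse proxy, and it leaves out the attempted access key, so a run of failures cannot be tied to an account. Consider `errorIf(err, "Unable to login request from %s, access key %q", r.RemoteAddr, args.Username)`; `%q` stops control characters in the client-supplied name from forging log lines, and `args.Password` must stay out of the message. Every failed login now writes an error-level entry, so an unauthenticated client can grow the log unless logins are rate-limited elsewhere, which this hunk does not show. Login's body continues past the hunk.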
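Review bot: The three branches added to toWebAPIError all pass `err.Error()` back as the Description, so the unauthenticated login response presumably reveals which check failed: access-key length, secret-key length, or an unknown access key ID. That gives a client a way to tell a valid access key from an invalid one, and the detail is already captured by the server-side log that Login now writes. The branches are otherwise identical, so they can be one condition, `} else if err == errInvalidAccessKeyLength || err == errInvalidSecretKeyLength || err == errInvalidAccessKeyID {`, returning a single fixed Description instead of the per-error text. The function starts and ends outside the hunk, so I cannot see what the earlier 403 branch returns; whatever it is, these cases should match it.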
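Review bot: The added row `{"azerty", "azerty123", false}` records only a success boolean, like its neighbours, so the table still does not pin the behaviour this commit introduces: that invalid-credential errors reach the browser as AccessDenied with a 403. If the loop below (outside this hunk) has access to the returned error, add an expected error code to each row and assert it. A comment on the new row saying which validation error it is meant to trigger would also help, since that is not evident from the values.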