diff --git a/server/routes/user.js b/server/routes/user.js
index c2015f6..251a105 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -426,8 +426,25 @@ async function loginLocal(req, res, next) {
 const user = await User.findOne({ where: whereClause });
 console.log('🔧 DEBUG: Found user:', user ? { id: user.id, username: user.username, tenant_id: user.tenant_id } : 'null');
- if (!user || !await bcrypt.compare(password, user.password_hash)) {
- console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}"`);
+ if (!user) {
+ console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}" - User not found`);
+ return res.status(401).json({
+ success: false,
+ message: 'Invalid credentials'
+ });
+ }
+
+ console.log('🔧 DEBUG: Comparing password with hash:', {
+ passwordLength: password.length,
+ hashLength: user.password_hash?.length,
+ hashPrefix: user.password_hash?.substring(0, 10) + '...'
+ });
+
+ const passwordMatch = await bcrypt.compare(password, user.password_hash);
+ console.log('🔧 DEBUG: Password match result:', passwordMatch);
+
+ if (!passwordMatch) {
+ console.log(`❌ Authentication failed for "${username}" in tenant "${req.tenant?.id}" - Invalid password`);
 return res.status(401).json({
 success: false,
 message: 'Invalid credentials'
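Review bot: The added `console.log('🔧 DEBUG: Comparing password with hash:', …)` writes credential-derived data to the application log: the submitted password's length and the first 10 characters of `user.password_hash`, which for a bcrypt string cover the version, the cost factor and the first salt characters. Log storage is usually readable by more people and systems than the user table, and the `Password match result` line adds a per-attempt outcome next to the username that the failure messages already record. I would drop both DEBUG calls before merge, or keep a single line with no secret-derived value, e.g. `console.debug('password hash present:', Boolean(user.password_hash));`. `password.length` also throws when `password` is undefined; whether it is validated earlier in `loginLocal` cannot be seen here, since the function starts and ends outside the hunk.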