diff --git a/login.c b/login.c
index 25f6e87..895c339 100644
--- a/login.c
+++ b/login.c
@@ -59,8 +59,8 @@ main(int argc, char *argv[])
 	pass = getpass("Password: "); putchar('\n');
 	if (!pass)
 		eprintf("getpass:");
-	if (pw_check(pw, pass) == 0)
-		eprintf("incorrect password\n");
+	if (pw_check(pw, pass) <= 0)
+		exit(EXIT_FAILURE);
 
 	if (initgroups(argv[0], gid) < 0)
 		eprintf("initgroups:");
diff --git a/su.c b/su.c
index 1c69ce3..d9ec699 100644
--- a/su.c
+++ b/su.c
@@ -63,8 +63,8 @@ main(int argc, char *argv[])
 		pass = getpass("Password: "); putchar('\n');
 		if (!pass)
 			eprintf("getpass:");
-		if (pw_check(pw, pass) == 0)
-			eprintf("incorrect password\n");
+		if (pw_check(pw, pass) <= 0)
+			exit(EXIT_FAILURE);
 	}
 
 	if (initgroups(usr, pw->pw_gid) < 0)
diff --git a/util/passwd.c b/util/passwd.c
index 8e531b0..d428b7e 100644
--- a/util/passwd.c
+++ b/util/passwd.c
@@ -10,6 +10,8 @@
 #include "../text.h"
 #include "../util.h"
 
+/* Returns -1 on error, 0 for incorrect password
+ * and 1 if all went OK */
 int
 pw_check(struct passwd *pw, const char *pass)
 {
@@ -17,8 +19,10 @@ pw_check(struct passwd *pw, const char *pass)
 	struct spwd *spw;
 
 	p = pw->pw_passwd;
-	if (p[0] == '!' || p[0] == '*')
-		eprintf("denied\n");
+	if (p[0] == '!' || p[0] == '*') {
+		weprintf("denied\n");
+		return -1;
+	}
 
 	if (pw->pw_passwd[0] == '\0')
 		return pass[0] == '\0' ? 1 : 0;
@@ -26,20 +30,29 @@ pw_check(struct passwd *pw, const char *pass)
 	if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') {
 		errno = 0;
 		spw = getspnam(pw->pw_name);
-		if (errno)
-			eprintf("getspnam: %:", pw->pw_name);
-		else if (!spw)
-			eprintf("who are you?\n");
+		if (errno) {
+			weprintf("getspnam: %s:", pw->pw_name);
+			return -1;
+		} else if (!spw) {
+			weprintf("who are you?\n");
+			return -1;
+		}
 		p = spw->sp_pwdp;
-		if (p[0] == '!' || p[0] == '*')
-			eprintf("denied\n");
+		if (p[0] == '!' || p[0] == '*') {
+			weprintf("denied\n");
+			return -1;
+		}
 	}
 
 	cryptpass = crypt(pass, p);
-	if (!cryptpass)
-		eprintf("crypt:");
-	if (strcmp(cryptpass, p) != 0)
+	if (!cryptpass) {
+		weprintf("crypt:");
+		return -1;
+	}
+	if (strcmp(cryptpass, p) != 0) {
+		weprintf("incorrect password\n");
 		return 0;
+	}
 	return 1;
 }