Not an answer to your question, but in general (security wise) it can be a bad idea to give away what authentication information was incorrect. If someone's trying to brute force their way in and doesn't know account names if you tell them just the password was wrong then you've told they've got a valid account. Maybe not necessarily relevant in your particular application, but FYI.