diff --git a/gui/qml/main.qml b/gui/qml/main.qml
index 4d0e648c4f53e2d872d2e43dd6cbcbb23dc95813..fc47be0db9ea7cb40e8c60cc9d4f67a0155c6045 100644
--- a/gui/qml/main.qml
+++ b/gui/qml/main.qml
@@ -46,7 +46,11 @@ ApplicationWindow {
     function showInitFailure(msg) {
       console.debug("ERRORS:", ctx.errors)
       if (msg == undefined) {
-          if (ctx.errors == 'bad_auth') {
+          if (ctx.errors == 'bad_auth_502') {
+                  msg = qsTr("Oops! The authentication service seems down. Please try again later")
+              initFailure.title = qsTr("Service Error")
+          }
+          else if (ctx.errors == 'bad_auth') {
               if (allowEmptyPass) {
                   // For now, this is a libraryVPN, so we can be explicit about what credentials are here.
                   // Another option to consider is to customize the error strings while vendoring.
diff --git a/pkg/backend/api.go b/pkg/backend/api.go
index 1985e6b01edb34c4dc60cc59b04b9a6f9bf5853f..ea148f77de2ef3d89c9e5554ecd66802a3380d67 100644
--- a/pkg/backend/api.go
+++ b/pkg/backend/api.go
@@ -18,7 +18,11 @@ func Login(username, password string) {
 	success, err := ctx.bm.DoLogin(username, password)
 	if err != nil {
 		log.Printf("Error on login: %v", err)
-		ctx.Errors = "bad_auth"
+		if err.Error() == "Cannot get token: Error 502" {
+			ctx.Errors = "bad_auth_502"
+		} else {
+			ctx.Errors = "bad_auth"
+		}
 	} else if success {
 		log.Printf("Logged in as %s", username)
 		ctx.LoginOk = true