diff --git a/config/locales/en.yml b/config/locales/en.yml
index a485f335f..e06b135d9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -75,6 +75,9 @@ en:
               inclusion: You must select one of the following options for how would like to fix errors
 
   activerecord:
+    attributes:
+      user:
+        email: email
     errors:
       models:
         scheme:
@@ -123,6 +126,9 @@ en:
             role:
               invalid: "Role must be data accessor, data provider or data coordinator"
               blank: "Select role"
+            password:
+              blank: Enter a password
+              too_short: Password is too short (minimum is %{count} characters)
         merge_request:
           attributes:
             absorbing_organisation_id:
@@ -138,7 +144,6 @@ en:
             new_organisation_telephone_number:
               blank: "Enter a valid telephone number"
 
-
   validations:
     organisation:
       name_missing: "Enter the name of the organisation"
diff --git a/spec/features/auth/sign_in_spec.rb b/spec/features/auth/sign_in_spec.rb
new file mode 100644
index 000000000..7b6103734
--- /dev/null
+++ b/spec/features/auth/sign_in_spec.rb
@@ -0,0 +1,15 @@
+require "rails_helper"
+
+RSpec.describe "User sign in" do
+  let(:user) { FactoryBot.create(:user) }
+
+  context "when wrong credentials" do
+    it "shows correct error message" do
+      visit("/account/sign-in")
+      fill_in("user[email]", with: user.email)
+      fill_in("user[password]", with: "wrong_password")
+      click_button("Sign in")
+      expect(page).to have_content("Incorrect email or password")
+    end
+  end
+end
diff --git a/spec/features/auth/user_lockout_spec.rb b/spec/features/auth/user_lockout_spec.rb
index 68cf78b2a..dce964c30 100644
--- a/spec/features/auth/user_lockout_spec.rb
+++ b/spec/features/auth/user_lockout_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe "User Lockout" do
       fill_in("user[email]", with: user.email)
       fill_in("user[password]", with: user.password)
       click_button("Sign in")
-      expect(page).to have_http_status(:unprocessable_entity)
+      expect(page).to have_http_status(:ok)
       expect(page).to have_content(I18n.t("devise.failure.locked"))
     end
   end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 8d9407dc2..1cdbe7cd4 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -268,7 +268,7 @@ RSpec.describe User, type: :model do
 
     context "when a too short password is entered" do
       let(:password) { "123" }
-      let(:error_message) { "Validation failed: Password #{I18n.t('errors.messages.too_short', count: 8)}" }
+      let(:error_message) { "Validation failed: Password #{I18n.t('activerecord.errors.models.user.attributes.password.too_short', count: 8)}" }
 
       it "validates password length" do
         expect { FactoryBot.create(:user, password:) }
@@ -278,7 +278,7 @@ RSpec.describe User, type: :model do
 
     context "when an invalid email is entered" do
       let(:invalid_email) { "not_an_email" }
-      let(:error_message) { "Validation failed: Email #{I18n.t('activerecord.errors.models.user.attributes.email.invalid')}" }
+      let(:error_message) { "Validation failed: email #{I18n.t('activerecord.errors.models.user.attributes.email.invalid')}" }
 
       it "validates email format" do
         expect { FactoryBot.create(:user, email: invalid_email) }
@@ -288,7 +288,7 @@ RSpec.describe User, type: :model do
 
     context "when the email entered has already been used" do
       let(:user) { FactoryBot.create(:user) }
-      let(:error_message) { "Validation failed: Email #{I18n.t('activerecord.errors.models.user.attributes.email.taken')}" }
+      let(:error_message) { "Validation failed: email #{I18n.t('activerecord.errors.models.user.attributes.email.taken')}" }
 
       it "validates email uniqueness" do
         expect { FactoryBot.create(:user, email: user.email) }