diff --git a/app/backend/utils/hashing.py b/app/backend/utils/hashing.py
index 8fb9fbcf0e99392ddcedec489e706d60debbc908..68970bd2116f985f9af31d0abb4669e2812cc462 100644
--- a/app/backend/utils/hashing.py
+++ b/app/backend/utils/hashing.py
@@ -42,9 +42,15 @@ def decode_token(token: str) -> int:
         user_id = payload.get("sub")
         if user_id is None:
             print("No user_id in token payload")
-            pass
+            raise HTTPException(
+                status_code=401, detail="Invalid authentication credentials"
+            )
+
         return user_id
     except jwt.ExpiredSignatureError:
         raise HTTPException(status_code=401, detail="Token has expired")
     except PyJWTError as e:
-        pass
+        print(f"JWT error: {str(e)}")
+        raise HTTPException(
+            status_code=401, detail=f"Invalid authentication credentials: {str(e)}"
+        )
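Review bot: The `except PyJWTError` branch puts `str(e)` into the 401 `detail`, so an unauthenticated caller learns which validation step rejected the token (the exact text comes from PyJWT). That lets someone probing the endpoint tell failure classes apart. The response should carry the same fixed text as the `sub is None` branch, `raise HTTPException(status_code=401, detail="Invalid authentication credentials") from e`, with the exception text kept server-side. Both new `print` calls would be better as log records at warning level through the module's logger, if the file has one, so failed validations can be monitored and correlated. `decode_token` starts above this hunk, so the decode call and its key and algorithm arguments were not reviewed.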
diff --git a/app/tests/test_auth.py b/app/tests/test_auth.py
index d42d918bc8d7a47e0124797cbbd14dd5b9106b45..14b20ee7d3b57d1d252b296dd62df1fd8efa670b 100644
--- a/app/tests/test_auth.py
+++ b/app/tests/test_auth.py
@@ -161,7 +161,7 @@ def test_login_missing_user(client, db_session):
     login_data = {"email": "nonexistent@example.com", "password": "testpassword123"}
     response = client.post("/auth/login", json=login_data)
     assert response.status_code == 401
-    assert "Invalid credentials" in response.json()["detail"]
+    assert "Invalid email or password" in response.json()["detail"]
 
 
 def test_login_invalid_credentials(client, db_session):
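Review bot: The updated assertion uses a substring match (`in`), so it would still pass if the missing-user response carried extra text that the wrong-password response lacks. The value of these two tests is showing that a client cannot tell the cases apart. If the handler returns exactly this string, `assert response.json()["detail"] == "Invalid email or password"` pins that; the same applies to the assertion in the `test_login_invalid_credentials` hunk. Nothing in this diff exercises the new 401 paths in `decode_token`, so a test sending a malformed token and one without `sub` would be worth adding.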
@@ -169,7 +169,7 @@ def test_login_invalid_credentials(client, db_session):
     login_data = {"email": "wrong@example.com", "password": "wrongpassword"}
     response = client.post("/auth/login", json=login_data)
     assert response.status_code == 401
-    assert "Invalid credentials" in response.json()["detail"]
+    assert "Invalid email or password" in response.json()["detail"]
 
 
 def test_get_profile(client, db_session):