diff --git a/chrome-extension/popup.js b/chrome-extension/popup.js
index 231ee2a..a8fb5c9 100644
--- a/chrome-extension/popup.js
+++ b/chrome-extension/popup.js
@@ -87,9 +87,11 @@ async function login() {
       await loadFolders();
     } else {
       setConnStatus('red', r.error || 'Auth failed');
+      showSettingsStatus(`❌ ${r.error || 'Auth failed'}`, 'error');
     }
   } catch (e) {
     setConnStatus('red', 'Connection failed');
+    showSettingsStatus(`❌ ${e.message || 'Connection failed'}`, 'error');
   }
 }
 
@@ -310,7 +312,12 @@ async function apiFetch(method, path, body) {
   if (authToken) opts.headers['x-auth-token'] = authToken;
   if (body) opts.body = JSON.stringify(body);
   const r = await fetch(url, opts);
-  if (r.status === 401) { authToken = null; await chrome.storage.local.remove('token'); throw new Error('Session expired'); }
+  // Don't treat 401 on /api/login as session expiry — it's just bad credentials
+  if (r.status === 401 && !path.includes('/api/login')) {
+    authToken = null;
+    await chrome.storage.local.remove('token');
+    throw new Error('Session expired');
+  }
   return r.json();
 }