diff --git a/internal/httpd/flash_test.go b/internal/httpd/flash_test.go
index 34c0fdbfe..8b57484f6 100644
--- a/internal/httpd/flash_test.go
+++ b/internal/httpd/flash_test.go
@@ -16,6 +16,7 @@ package httpd
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -23,18 +24,29 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/drakkan/sftpgo/v2/internal/util"
 )
 
 func TestFlashMessages(t *testing.T) {
 	rr := httptest.NewRecorder()
 	req, err := http.NewRequest(http.MethodGet, "/url", nil)
 	require.NoError(t, err)
-	message := "test message"
-	setFlashMessage(rr, req, flashMessage{ErrorString: message})
-	req.Header.Set("Cookie", fmt.Sprintf("%v=%v", flashCookieName, base64.URLEncoding.EncodeToString([]byte(message))))
+	message := flashMessage{
+		ErrorString: "error",
+		I18nMessage: util.I18nChangePwdTitle,
+	}
+	setFlashMessage(rr, req, message)
+	value, err := json.Marshal(message)
+	assert.NoError(t, err)
+	req.Header.Set("Cookie", fmt.Sprintf("%v=%v", flashCookieName, base64.URLEncoding.EncodeToString(value)))
 	msg := getFlashMessage(rr, req)
-	assert.Equal(t, message, msg.ErrorString)
+	assert.Equal(t, message, msg)
+	assert.Equal(t, util.I18nChangePwdTitle, msg.getI18nError().Message)
 	req.Header.Set("Cookie", fmt.Sprintf("%v=%v", flashCookieName, "a"))
 	msg = getFlashMessage(rr, req)
 	assert.Empty(t, msg)
+	req.Header.Set("Cookie", fmt.Sprintf("%v=%v", flashCookieName, "YQ=="))
+	msg = getFlashMessage(rr, req)
+	assert.Empty(t, msg)
 }
diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go
index d9b445f27..77eb176ef 100644
--- a/internal/httpd/httpd_test.go
+++ b/internal/httpd/httpd_test.go
@@ -9806,7 +9806,7 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	rr = executeRequest(req)
 	assert.Equal(t, http.StatusOK, rr.Code)
-	assert.Contains(t, rr.Body.String(), "Two factory authentication is not enabled")
+	assert.Contains(t, rr.Body.String(), util.I18n2FADisabled)
 
 	req, err = http.NewRequest(http.MethodPost, webClientTwoFactorPath, bytes.NewBuffer([]byte(form.Encode())))
 	assert.NoError(t, err)
diff --git a/templates/webclient/login.html b/templates/webclient/login.html
index edc3aa0ff..d3537b69a 100644
--- a/templates/webclient/login.html
+++ b/templates/webclient/login.html
@@ -59,7 +59,9 @@ <h1 class="text-gray-900 mb-3 ms-3">
 								<div data-i18n="general.or" class="text-center text-muted text-uppercase fw-bold mb-5">or</div>
 								{{- end}}
 								<a href="{{.OpenIDLoginURL}}" class="btn btn-flex flex-center btn-light btn-lg w-100 mb-5">
-								<img data-i18n="login.signin_openid" alt="Logo" src="{{.StaticURL}}/img/openid-logo.png" class="h-20px me-3" />Sign in with OpenID</a>
+									<img alt="Logo" src="{{.StaticURL}}/img/openid-logo.png" class="h-20px me-3" />
+									<span data-i18n="login.signin_openid">Sign in with OpenID</span>
+								</a>
 								{{- end}}
 							</div>
 						</form>