diff --git a/rhodecode/authentication/plugins/auth_rhodecode.py b/rhodecode/authentication/plugins/auth_rhodecode.py
--- a/rhodecode/authentication/plugins/auth_rhodecode.py
+++ b/rhodecode/authentication/plugins/auth_rhodecode.py
@@ -127,14 +127,14 @@ class RhodeCodeAuthPlugin(RhodeCodeAuthP
 
             if userobj.username == User.DEFAULT_USER and userobj.active:
                 log.info(
-                    'user `%s` authenticated correctly as anonymous user', userobj)
+                    'user `%s` authenticated correctly as anonymous user', userobj.username)
                 return user_attrs
 
             elif userobj.username == username and password_match:
-                log.info('user `%s` authenticated correctly', userobj)
+                log.info('user `%s` authenticated correctly', userobj.username)
                 return user_attrs
-            log.info("user %s had a bad password when "
-                     "authenticating on this plugin", userobj)
+            log.warn("user `%s` used a wrong password when "
+                     "authenticating on this plugin", userobj.username)
             return None
         else:
             log.warning(
diff --git a/rhodecode/authentication/plugins/auth_token.py b/rhodecode/authentication/plugins/auth_token.py
--- a/rhodecode/authentication/plugins/auth_token.py
+++ b/rhodecode/authentication/plugins/auth_token.py
@@ -137,7 +137,7 @@ class RhodeCodeAuthPlugin(RhodeCodeAuthP
                     'user `%s` successfully authenticated via %s',
                     user_attrs['username'], self.name)
                 return user_attrs
-            log.error(
+            log.warn(
                 'user `%s` failed to authenticate via %s, reason: bad or '
                 'inactive token.', username, self.name)
         else: