diff --git a/cmd/autobrrctl/main.go b/cmd/autobrrctl/main.go
index afc4c0e..308d082 100644
--- a/cmd/autobrrctl/main.go
+++ b/cmd/autobrrctl/main.go
@@ -286,32 +286,32 @@ func main() {
 	}
 }
 
-func readPassword() ([]byte, error) {
-	var password []byte
-	var err error
+func readPassword() (password []byte, err error) {
 	fd := int(os.Stdin.Fd())
 
 	if term.IsTerminal(fd) {
 		fmt.Printf("Password: ")
 		password, err = term.ReadPassword(int(os.Stdin.Fd()))
-		if err != nil {
-			return nil, err
-		}
 		fmt.Printf("\n")
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to read password from terminal")
+		}
 	} else {
-		//fmt.Fprintf(os.Stderr, "warning: Reading password from stdin.\n")
 		scanner := bufio.NewScanner(os.Stdin)
 		if !scanner.Scan() {
 			if err := scanner.Err(); err != nil {
-				log.Fatalf("failed to read password from stdin: %v", err)
+				return nil, errors.Wrap(err, "failed to read password from stdin")
 			}
-			log.Fatalf("failed to read password from stdin: stdin is empty %v", err)
-		}
-		password = scanner.Bytes()
 
-		if len(password) == 0 {
-			return nil, errors.New("zero length password")
+			return nil, errors.New("password input is empty")
 		}
+
+		password = scanner.Bytes()
+	}
+
+	// make sure the password is not empty
+	if len(password) == 0 {
+		return nil, errors.New("zero length password")
 	}
 
 	return password, nil
diff --git a/internal/auth/service.go b/internal/auth/service.go
index faa749e..b31aaf1 100644
--- a/internal/auth/service.go
+++ b/internal/auth/service.go
@@ -154,5 +154,9 @@ func (s *service) ComparePasswordAndHash(password string, hash string) (match bo
 }
 
 func (s *service) CreateHash(password string) (hash string, err error) {
+	if password == "" {
+		return "", errors.New("must supply non empty password to CreateHash")
+	}
+
 	return argon2id.CreateHash(password, argon2id.DefaultParams)
 }