diff --git a/backend/db.coffee b/backend/db.coffee
index 795f1fe..66b7131 100644
--- a/backend/db.coffee
+++ b/backend/db.coffee
@@ -82,8 +82,7 @@ class FFTCGDB
 stmt.finalize()
 if err
 logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
- # reduce attack surface, don't disclose user names
- reject 'db' # user already exists
+ reject 'existence' # user already exists
 else
 logger.info "reg: OK '#{login}'"
@@ -106,8 +105,7 @@ class FFTCGDB
 # hash the password for timing attack reasons
 bcrypt.hash password, saltRounds, (err, hash) ->
 logger.debug "login: FAIL nonexistent '#{login}'"
- # reduce attack surface, don't disclose user names
- reject 'login' # user doesnt exist
+ reject 'existence' # user doesnt exist
 else
 bcrypt.compare password, row.pwdhash, (err, res) ->
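Review bot: In the registration hunk the new `reject 'existence'` fires for every database error, because the `if err` branch only logs `err.code` and never tests it, so an I/O or locking failure is reported to the caller as "user already exists". Map only the constraint-violation code to that reason and keep a generic one otherwise, e.g. `if err.code is '<constraint-violation code>' then reject 'existence' else reject 'db'` (the exact code depends on the driver, which is not visible here). Both this hunk and the login hunk below also delete the `# reduce attack surface, don't disclose user names` comment and replace two generic reasons with a specific `'existence'`, so the API now confirms which logins are registered; if that disclosure is intended, state it in a comment where the old one stood, otherwise retain the generic reasons. The enclosing registration method starts before and ends after this hunk.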
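Review bot: In the login hunk the `bcrypt.hash` call kept as timing cover for the missing-user branch no longer hides anything once that branch rejects with `'existence'`, since the rejection reason itself tells the caller which case occurred; the padding only makes sense if this branch rejects with the same reason as the wrong-password path in the `bcrypt.compare` callback, which lies outside the hunk. Either return a reason shared with that path (as the removed `reject 'login'` presumably did) or extend the `# hash the password for timing attack reasons` comment to say why the distinct reason is now accepted, so the next reader does not take the hash call for a working mitigation. The enclosing login method starts before and ends after this hunk.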