diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
index 3a88ef0..7f28604 100644
--- a/src/Http/Controllers/AuthenticatedSessionController.php
+++ b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -40,28 +40,31 @@ public function store(LoginRequest $request): LoginResource|JsonResponse
 if ($attemptUser->wrong_password > config('fintech.auth.threshold.password', 10)) {
 \Fintech\Auth\Facades\Auth::user()->update($attemptUser->id, [
- 'status' => UserStatus::InActive->value,
+ 'status' => UserStatus::InActive->value
 ]);
 return $this->failed(__('auth::messages.lockup'));
 }
- if (! Hash::check($request->input('password'), $attemptUser->password)) {
+ if (!Hash::check($request->input('password'), $attemptUser->password)) {
 $request->hitRateLimited();
-
+ $wrongPasswordCount = $attemptUser->wrong_password + 1;
 \Fintech\Auth\Facades\Auth::user()->update($attemptUser->id, [
- 'wrong_password' => $attemptUser->wrong_password + 1,
+ 'wrong_password' => $wrongPasswordCount,
 ]);
- return $this->failed(__('auth::messages.failed'));
+ return $this->failed(__('auth::messages.warning', [
+ 'attempt' => $wrongPasswordCount,
+ 'threshold' => config('fintech.auth.threshold.password', 10)
+ ]));
 }
 $request->clearRateLimited();
 Auth::login($attemptUser);
- Auth::user()->tokens->each(fn ($token) => $token->delete());
+ Auth::user()->tokens->each(fn($token) => $token->delete());
 //permission check
diff --git a/src/Models/User.php b/src/Models/User.php
index fe1920a..7b4764c 100644
--- a/src/Models/User.php
+++ b/src/Models/User.php
@@ -30,6 +30,12 @@ class User extends Authenticatable implements Auditable
 protected $casts = [
 'email_verified_at' => 'datetime',
 'mobile_verified_at' => 'datetime',
+ 'wrong_password' => 'integer'
+ ];
+
+ protected $attributes = [
+ 'wrong_password' => 0,
+ 'wrong_pin' => 0,
 ];
 /*
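Review bot: The new failure response in `store` hands `attempt` and `threshold` to an unauthenticated caller through `auth::messages.warning`, so a wrong password now confirms that the account exists and shows how many guesses are left before lockout; this assumes the unknown-user branch, which is outside the hunk, still answers with the generic message. I would keep `return $this->failed(__('auth::messages.failed'));` as the response and record `$wrongPasswordCount` in an audit log or an owner notification instead. The reported numbers also disagree with the lockout test at the top of the hunk: it uses `>`, so the counter reaches threshold + 1 before the account goes inactive and the message can show an attempt above the threshold; `if ($attemptUser->wrong_password >= config('fintech.auth.threshold.password', 10)) {` would align them. The increment is still a read-then-write on `$attemptUser->wrong_password`, so parallel failed logins can under-count, and no reset of the counter on success is visible here; `store` starts and ends outside the hunk.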
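Review bot: `wrong_pin` gets a default of 0 in `$attributes` but no entry in `$casts`, while `wrong_password` gets both, so a PIN lockout comparison may see a string from the database driver where the password one sees an integer. Adding `'wrong_pin' => 'integer',` next to the new cast keeps the two counters consistent. Since both fields drive account lockout, it is worth confirming that neither is mass-assignable from a user-editable request and that both are hidden from serialized output; `$fillable`/`$guarded` and `$hidden` are outside this hunk.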
diff --git a/src/Services/UserService.php b/src/Services/UserService.php
index 650e66a..a76604b 100644
--- a/src/Services/UserService.php
+++ b/src/Services/UserService.php
@@ -125,10 +125,10 @@ public function read($id)
 public function update($id, array $inputs = [])
 {
- if ($inputs['password']) {
+ if (isset($inputs['password']) && !empty($inputs['password'])) {
 $inputs['password'] = Hash::make($inputs['password']);
 }
- if ($inputs['pin']) {
+ if (isset($inputs['pin']) && !empty($inputs['pin'])) {
 $inputs['pin'] = Hash::make($inputs['pin']);
 }
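Review bot: The new guards in `update` skip hashing when `password` or `pin` is present but empty, yet leave the key in `$inputs`, so a blank or `'0'` value (which `empty()` also treats as empty) would be passed on unhashed and could overwrite the stored hash, if the remainder of `update`, outside this hunk, writes `$inputs` as given. `isset()` is redundant beside `!empty()`, which already tolerates a missing key. I would hash only non-empty strings and drop the key otherwise, as sketched below, unless some caller relies on sending an empty value to clear the field.

```php
public function update($id, array $inputs = [])
{
    foreach (['password', 'pin'] as $secret) {
        if (! array_key_exists($secret, $inputs)) {
            continue;
        }

        if (is_string($inputs[$secret]) && $inputs[$secret] !== '') {
            $inputs[$secret] = Hash::make($inputs[$secret]);
        } else {
            // Present but blank or non-string: drop it so the stored hash is never replaced by a raw value.
            unset($inputs[$secret]);
        }
    }
    // … unchanged: remainder of update() outside the hunk …
```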